Validating your payment application with PA DSS
The standard's primary objective is to secure cardholder data, particularly sensitive authentication data such as the PIN, the CVV and magnetic stripe data, as processed by payment applications.
PA DSS is relatively similar to PCI DSS in the sense that you will need to have a number of controls in place and respond to a set of requirements. A PA-DSS Implementation Guide (IG) must be prepared to provide customers with information on how to configure the application for PCI DSS compliance, and your application must be thoroughly tested by a PA-QSA in a lab environment to ensure that it is not affected by security defects. The process ends with the preparation of a Report On Validation (ROV).
Five Security assessors have validated some very well-known applications available on the PA DSS market today and are well aware of the challenges involved and how to solve them.
The PA DSS gap analysis aims to identify all components that may be missing from your development practices so that you can build a secure payment application that implements all required controls.
PA DSS workshops
Five Security's expertise is available to you when you need help with specific areas of PA DSS without necessarily covering all domains. Examples include clarifying the encryption requirements or evaluating the impact of the new version 3.0 of PA DSS on your business.
Five Security can assist during the implementation phase of a PA DSS project by providing the expertise required to establish security controls in the various areas of the standard. We can also help you gather the content required for your PA DSS Implementation Guide.
PA DSS training
We help your developers understand the requirements and the intent of PA DSS. This training takes your team in depth through all sections of the standard and prepares them for the formal PA DSS assessment.
The PA-DSS requirements
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access.
14. Maintain instructional documentation and training programs for customers, resellers, and integrators.