Implementation and Certification of Payment Applications according to PA-DSS
The Payment Application Data Security Standard (PA DSS) is a security standard that defines the set of requirements to be met by applications or electronic payment products sold to third parties. While PCI DSS certifies that the security measures of the processes that store, process or transmit credit card data are adequate and therefore applies to companies, PA DSS certifies requirements on the products sold, whether operated by the customer or by the supplier, provided they are not ad-hoc developments for a single client.
Its purpose is to reduce credit card fraud caused by deficiencies in the applications used by merchants, service providers and acquiring entities, and so to increase the security of this data.
PA DSS is the evolution of the VISA program PABP, which in 2008 was transferred (as PCI DSS was in 2006) to the PCI Security Standards Council (PCI SSC), the body that now manages this standard, its development and the approval of companies that can perform product certification audits. This approval is called PA-QSA (Qualified Payment Applications Security Assessor).
Internet Security Auditors was the first Spanish company to be certified as a PA-QSA, owing to its previous security experience as a QSA for many banks, telecoms, service providers, IPSPs / ISPs / ASPs and merchants in all sectors (tourism, Internet gaming, e-commerce, etc.) and its recognized knowledge in application development security, forensics and ethical hacking, knowledge that is essential to ensure that audits meet the PA-QSA Quality Assurance requirements mandated by the PCI SSC.
Internet Security Auditors, thanks to its expertise in information security consulting and auditing, is ready to help organizations that are required to implement and maintain a compliance program for the requirements of PCI DSS and PA DSS. It has therefore developed the following services:
PA DSS Implementation
Through its implementation consulting service, Internet Security Auditors aims to provide organizations with all the necessary support and to guide them in creating the documentation for the application or platform to be certified, as well as to offer its knowledge of the PCI DSS and PA DSS standards for defining and maintaining a compliance program with both standards.
PA DSS Certification Assessment
Internet Security Auditors is an auditor accredited by the PCI SSC, through its PA-QSA certification, to conduct certification audits for manufacturers of payment applications or platforms that want to certify their products (ticket machines, parking meters, payment gateways, POS, etc.), being the first and only Spanish company to obtain this certification from the PCI SSC.
The first step in meeting the requirements of PA DSS is to perform a manual analysis of the application or platform, to identify whether the level of detail is achieved, whether the technical deployment details are appropriate, and so on.
The second step is to deploy the test lab in which the technical validations are performed, faithfully following the auditing procedures required by PA DSS and the manual.
The third step is to document the results in order to prepare the documentation required by the PCI SSC to start the process of accepting certified products.