For software manufacturers, we offer an integrated solution for Payment Application Data Security Standard certification (PA DSS certification). We are at your side every step of the way, supporting you with individual advice and the necessary security audits.
As a manufacturer and vendor of payment solutions, terminals, cash machines, and payment-related software applications, you need to demonstrate that your products are in conformity with the Payment Application Data Security Standards (PA DSS). For this purpose, we offer an in-depth service customised to the specific needs of your company.
We accompany you along every single step of the process, ensuring that you will obtain the PA DSS certification you need as a manufacturer of payment solutions. As a certification body, we offer you the required security standards, plus further optional services to improve the security of your products in credit card transactions:
- Pre-compliance advisory to ensure dedicated preparation of your organization for PA DSS certification
- Remediation, technical advisory, and support in implementation of requirements
- Performance of certification in the form of an on-site review, followed by issue of the TÜV SÜD certification mark and entry into the database of the PCI Council
PA DSS AS BASIS FOR PCI DSS COMPLIANCE
The PCI Council developed the Payment Application Data Security Standard (PA DSS) to prevent payment card theft and fraud based on errors in the design, programming, or configuration of payment software. Distribution partners, integrators, and contracting partners which purchase, sell, or install payment applications must ensure that the payment applications they use are certified in accordance with PA DSS.
The 14 main requirements, including a total of 90 detailed requirements, mainly refer to the following software functions:
- Storage and protection of sensitive data
- Access control and logging
- Design and development of secure software systems
- Documentation of safety-relevant functions
- Implementation in secure network architectures
SERVICES FOR YOUR PA DSS COMPLIANCE
In addition to performing the certification, we assist you during preparation so that you can implement all compliance requirements by the time of your on-site audit.
PRE-COMPLIANCE ADVISORY BEFORE PA DSS CERTIFICATION
Providing workshops and technical advisory services, we help software vendors to interpret PA DSS requirements for their own organizations and identify related nonconformities in their payment applications. We work with you to discuss the measures needed for conformity with the requirements and identify which business units must be involved.
REMEDIATION AND SUPPORT FOR THE PCI CERTIFICATION OF MANUFACTURERS
Working with the manufacturers and vendors of payment software, we review the design process and the implementation of their payment applications to correct any potential nonconformities with the PA DSS standard. In this process, vendors and manufacturers benefit from our qualified auditors and their longstanding wealth of know-how, which enables our auditors to verify software improvements for their effectiveness with respect to security standards.
PA DSS CERTIFICATION FOR PAYMENT APPLICATIONS
Working with the responsible employees, our auditors carry out periodic on-site reviews in which they assess whether the software manufacturer complies with PA DSS requirements. After the review, the results will be documented in a detailed report. In case of a positive result, the TÜV SÜD certification mark will be affixed to your payment application, guaranteeing the security of the products. In addition, the payment software will be entered in the “PA DSS listed Payment Applications” register.
The on-site review for PA DSS compliance covers the following services:
- Inspection of server rooms
- Interviews with employees in the following areas: IT, application development, system administration, HR
- Review of process documentation and hardening guidelines
- Software testing for system configuration and patch status
- Review of the implementation guide and appropriate installation
IMPROVED SECURITY WITH SOFTWARE APPLICATIONS CERTIFIED ACCORDING TO PCI DSS
Technological progress in payment transactions is only possible if you ensure security in the handling of personal data in your role as a provider of payment applications. Merchants in eCommerce, retailers, banks, acquirers and, not least, cardholders rely on software manufacturers to provide secure payment applications. By partnering with us, you gain the support of an experienced and accredited certification body, which is renowned, including among your stakeholders, for ensuring the safe and secure implementation of innovative technologies.
Work with us and achieve efficient, cost-effective, and fast compliance with PCI certification requirements.
Partner with us and take further actions to improve the security of your software beyond compliance with the PCI standard.
Show your commitment to safety and quality with the well-established TÜV SÜD certification mark.
Irrespective of whether you are a payment service provider or a provider of hosting and cloud services, as a service provider you come into contact with a host of confidential data when processing transactions, hosting information, or supplying credit card connectivity.
To safeguard data security standards, credit card schemes and acquirers impose mandatory PCI certification on businesses that process credit card information. Given this, as a service provider, you also need to be in compliance with the Payment Card Industry Data Security Standard (PCI DSS) and fulfill the relevant security requirements.
But staying on top of things and successfully mastering all steps for PCI DSS certification may prove challenging for service providers. As a certification body authorized by the PCI Council, we assist you in all aspects of your PCI DSS compliance for service providers, and support you in areas such as:
- Training and assessment preparation through in-depth information and introductory workshops on PCI DSS for service providers
- Advice and support on compliance along the road to certification by applying our proven frameworks
- Performance of vulnerability scans (ASV) using our compliance portal, where existing problems are directly identified and addressed in detail
- Assessment services in the form of an on-site review by our auditors