PA-DSS Testing and Consulting

What atsec offers
atsec (Beijing) Information Technology Co., Ltd (“atsec China” for short) is certified by the Payment Card Industry Security Standards Council (PCI SSC) as a Payment Application Qualified Security Assessor (PA-QSA). atsec China can assess your payment application for compliance with the Payment Application Data Security Standard (PA-DSS). Currently atsec China provides PCI PA-QSA service for the Asia Pacific market. This service leverages atsec’s IT security expertise to help payment application developers satisfy the security requirements of the PA-DSS.

  • atsec has a high level of expertise in advising clients on how to apply and implement IT security standards, as well as in evaluating IT operations, products and systems against standardized criteria.
  • atsec China is a qualified security assessor (QSA) accredited by the PCI SSC to perform third party PCI security assessments globally.
  • atsec has specialist expertise in conducting source code review, Common Criteria evaluation, FIPS 140-2 testing, algorithm validation, SCAP and penetration testing.
  • atsec has conducted a large number of security audits and assessments for customers of varying sizes, including customers in the telecommunications, energy, financial and defense sectors, giving it wide practical experience in assessing applications and systems.

Why our services are important to you
The goal of the PA-DSS is to help software vendors that provide payment applications to others develop secure applications that do not store prohibited data (such as full magnetic stripe copies or sensitive authentication data) and that support compliance with the PCI Data Security Standard, e.g., by implementing user authentication and logging as required in that standard. Many card brands require that such applications be tested by independent laboratories, i.e., a PA-QSA company such as atsec.

The requirements of the PA-DSS for payment applications include the following.

  • Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  • Protect stored cardholder data
  • Provide secure password features
  • Log application activity
  • Develop secure applications
  • Protect wireless transmissions
  • Test applications to address vulnerabilities
  • Facilitate secure network implementation
  • Cardholder data must never be stored on a server connected to the Internet
  • Facilitate secure remote software updates
  • Facilitate secure remote access to application
  • Encrypt sensitive traffic over public networks
  • Encrypt all non-console administrative access
  • Maintain instructional documentation and training programs for customers, resellers, and integrators

For more information
For more information about the PA-DSS, please visit https://www.pcisecuritystandards.org or contact atsec at info_cn@atsec.com.