PCI Compliance for Manufacturers

PCI for Manufacturers – PA DSS

As a manufacturer and vendor of payment solutions, terminals, cash machines, and payment-related software applications, you need to demonstrate that your products are in conformity with the Payment Application Data Security Standards (PA DSS). For this purpose, we offer an in-depth service customised to the specific needs of your company.

We accompany you along every single step of the process, ensuring that you will obtain the PA DSS certification you need as a manufacturer of payment solutions. As a certification body, we offer you the required security standards, plus further optional services to improve the security of your products in credit card transactions:

• Pre-compliance advisory to ensure dedicated preparation of your organization for PA DSS certification

• Remediation, technical advisory, and support in implementation of requirements

• Performance of certification in the form of an on-site review, followed by issue of the TÜV SÜD certification mark and entry into the database of the PCI Council

PA DSS as basis for PCI DSS compliance

The PCI Council developed the Payment Application Data Security Standard (PA DSS) to prevent payment card theft and fraud based on errors in the design, programming, or configuration of payment software. Distribution partners, integrators, and contracting partners which purchase, sell, or install payment applications must ensure that the payment applications they use are certified in accordance with PA DSS.

The 14 main requirements, including a total of 90 detailed requirements, mainly refer to the following software functions:

• Storage and protection of sensitive data

• Access control and logging

• Design and development of secure software systems

• Documentation of safety-relevant functions

• Implementation in secure network architectures

Services for your PA DSS compliance

As well as performing certification, we already assist you during preparation to ensure you will be able to implement all compliance requirements by the time of your on-site audit.

Pre-compliance advisory before PA DSS certification

Providing workshops and technical advisory services, we help software vendors to interpret PA DSS requirements for their own organizations and identify related nonconformities in their payment applications. We work with you to discuss the measures needed for conformity with the requirements and identify which business units must be involved.

Remediation and support for the PCI certification of manufacturers

Working with the manufacturers and vendors of payment software, we review the design process and the implementation of their payment applications to correct any potential nonconformities with the PA DSS standard. In this process, vendors and manufacturers benefit from our qualified auditors and their longstanding wealth of know-how, which enables our auditors to verify software improvements for their effectiveness with respect to security standards.

PA DSS certification for payment applications

Working with the responsible employees, our auditors carry out periodic on-site reviews in which they assess whether the software manufacturer complies with PA DSS requirements. After the review, the results will be documented in a detailed report. In case of a positive result, the TÜV SÜD certification mark will be affixed to your payment application, guaranteeing the security of the products. In addition, the payment software will be entered in the “PA DSS listed Payment Applications” register.

The on-site review for PA DSS compliance covers the following services:

• Inspection of server rooms

• Interviews with employees in the following areas: IT, application development, system administration, HR

• Review of process documentation and hardening guidelines

• Software testing for system configuration and patch status

• Review of the implementation guide and appropriate Installation

Improved security with software applications certified according to PCI DSS

Technological progress in payment transactions is only possible if you ensure security in the handling of personal data in your role as a provider of payment applications. Merchants in eCommerce, retailers, banks, acquirers and, not least, cardholders rely on software manufacturers to provide secure payment applications. By partnering with us, you gain the support of an experienced and accredited certification body, which is renowned––including among your stakeholders––for ensuring the safe and secure implementation of innovative technologies.

• Work with us and achieve efficient, cost-effective, and fast compliance with PCI certification requirements.

• Partner with us and take further actions to improve the security of your software beyond compliance with the PCI standard.

• Show your commitment to safety and quality with the well-established TÜV SÜD certification mark.