Contact FortConsult if you wish to know:
- How to interpret the security requirements in PA DSS
- Whether you have the option of exemption from PA DSS certification
- How to be PA DSS validated in the quickest and most straightforward manner
- How you can minimise your costs in qualifying for PA DSS validation

We can also help you obtain PA DSS validation.
FortConsult is the only Danish enterprise which is certified by the credit card companies both to conduct audits and security scans of enterprises' critical payment systems in accordance with PCI DSS - and to check security in payment software in accordance with PA DSS.
PCI DSS applies to all systems that transmit or store data and other applications and units that are not separated from these to a satisfactory degree. For banks that have outsourced operations to a data centre, this primarily involves your own network, workstations and processes. In addition, it is important to underline that the standard applies to card data on all media, i.e. also printed matter.
 
An overview of what a bank should normally focus on is shown below. However, it is important that you are aware of the importance of having the standard reviewed in full and identifying the areas that are relevant for your particular bank.
 
The following main areas are primarily the bank's own responsibility:
  • Management of rights for the bank's employees
  • Wireless network
  • Safeguarding of the network's units on the local network
  • The security of workstations and the bank's own servers, incl. updating and antivirus
  • Security policy
  • Access requirements
  • Sub-suppliers' compliance with PCI DSS
  • ATMs
 
If you as a bank develop your own applications that have access to card data or access to systems containing card data, a large number of the requirements of PCI DSS have to be complied with. Contact us if you wish to know which requirements are involved.
 
Compliance with other standards
We would also like to draw your attention to the fact that applications with card data developed by external partners must be certified in accordance with the Payment Application Data Security Standard (PA DSS), which is a sister standard to PCI DSS. Read more about the PA DSS requirements and to which enterprises they apply here.
 
Banks must also comply with the PCI PIN standard.
 
If you have any questions concerning which areas to focus on in order to be PCI DSS validated, you are welcome to contact FortConsult.
 
In the following, you can read more about PCI DSS itself and what it means for European banks:
- PCI DSS certified in 2004 to perform security scans as the first and only company in Scandinavia.
- PCI DSS certified in 2005 to conduct audits as the first and only company in Scandinavia.
- Chosen by the bank sector in Denmark to help all Danish bank data centres to acquire PCI DSS validation due to our early PCI DSS certification, our considerable experience in the PCI area and our extensive knowledge of the financial sector.
- Permanent PCI DSS service provider to all Danish banks needing PCI DSS assistance.
- Has carried out PCI DSS tasks for some of the biggest retail chains in Scandinavia at international level.
- Is today the leading PCI DSS service provider in Scandinavia and the Baltic. We have, for instance, certified more than 60 percent of the enterprises on VISA's list of validated Scandinavian service providers.
- PA DSS certified in 2008 as the first and only company in Denmark - and among the first 14 in the world.