Contact FortConsult if you wish to know:
- How to interpret the security requirements in PA DSS
- Whether you have the option of exemption from PA DSS certification
- How to be PA DSS validated in the quickest and most straightforward manner
- How you can minimise your costs in qualifying for PA DSS validation

We can also help you obtain PA DSS validation.
FortConsult is the only Danish enterprise which is certified by the credit card companies to both conduct audits and security scans of enterprises' critical payment systems in accordance with PCI DSS - and to check security in payment software in accordance with PA DSS.
Generally speaking, the PA DSS must be complied with in full within the deadlines that the acquiring banks lay down. In practice, this takes place either through an audit being conducted by a qualified security assessor, such as FortConsult, in order to validate your software, or by completing a self-assessment questionnaire. FortConsult can provide advice and assistance in both cases.
 
Gap analysis from FortConsult
FortConsult recommends that you first of all consider having a gap analysis carried out in order to identify areas in which you do not comply with the PA DSS. You will then be ready to have a PA DSS audit conducted in the quickest and most straightforward manner - without the risk of being rejected by the PCI Council.
 
The gap analysis will help clarify what the PA DSS is all about and where the greatest security challenges are to be found in your software and associated development processes. It will provide answers as to how you can best remedy the areas in which you do not already comply with the PA DSS. The gap analysis documents areas which lack compliance in relation to the formal technical requirements of the PA DSS and provides an overview of the areas that need to be rectified - in prioritised order - in order to improve your security so that you can validate your PA DSS compliance.
 
When the gap analysis has been completed, you are then able to assess whether to continue and have an audit performed or whether you simply wish to develop secure applications on the basis of the new security knowledge you have acquired (provided that there is no requirement that an audit has to be carried out).
 
If you are uncertain as to whether you wish to have a gap analysis carried out, you are welcome to call us for a non-binding discussion about the PA DSS in relation to your software. We also have the opportunity to offer you a workshop where we will be able to shed some light on how far you are in overall terms of being able to pass a PA DSS audit - in the event that an actual gap analysis is excessively complicated for your needs.
 
PA DSS audit from FortConsult
A PA DSS audit is designed to security test your software and have the test report approved by the PCI Council. FortConsult is the only Danish enterprise that has been granted permission to audit businesses in accordance with the PA DSS on behalf of the credit card companies and their organization, the PCI Council.
 
FortConsult PA DSS audits are conducted in our own test lab, which has been set up specifically for this purpose. Our test lab is connected to acquiring banks and functions as a complete testing environment where we can send transactions to the acquirers.
 
When we conduct a PA DSS audit, we first of all install the software that is to be PA DSS validated in our test lab, according to your instructions, and ensure that it can operate within a PCI DSS compliant environment. We then test the software in order to find out whether it meets PA DSS requirements - both when running under standard operating conditions and when it is subjected to unexpected situations, such as when the Internet connection is interrupted or when the equipment is turned on or off during a transaction. We test the software, e.g. by subjecting it to a large number of "proper" transactions, which is made possible by our "real life" test environment. We also check whether your secure implementation guide documentation is sufficiently comprehensive so that a customer can install the application in a way that is PCI DSS compliant.
 
Finally, we draw up a report concerning the software test and its results, which we submit to the PCI Council. When this report has been approved by the PCI Council, your enterprise will be published on the PCI Council's website on the list of validated PA DSS software vendors. Your enterprise now has proof that it fully complies with PA DSS, thus transferring the risk and thereby any claims for not being PA DSS security validated to FortConsult.
 
Regardless of whether you choose to have a gap analysis or a PA DSS audit conducted by FortConsult, we will put one of our experienced PCI/PA consultants at your disposal who can guide you through the process and at the same time make sure that you acquire as much knowledge as possible of the PA DSS area. Since our consultants are certified by the credit card companies to provide advice and check that business enterprises meet PA DSS requirements, they can provide you with the best possible advice and consulting.
 
You can read more about the security requirements in PA DSS in the following, as well as how to obtain PA DSS validation in the easiest possible manner.
 
- PCI DSS certified in 2004 to perform security scans as the first and only company in Scandinavia.
- PCI DSS certified in 2005 to conduct audits as the first and only company in Scandinavia.
- Chosen by the bank sector in Denmark to help all Danish bank data centres to acquire PCI DSS validation due to our early PCI DSS certification, our considerable experience in the PCI area and our extensive knowledge of the financial sector.
- Permanent PCI DSS service provider to all Danish banks needing PCI DSS assistance.
- Has carried out PCI DSS tasks for some of the biggest retail chains in Scandinavia at international level.
- Is today the leading PCI DSS service provider in Scandinavia and the Baltic. We have, for instance, certified more than 60 percent of the enterprises on VISA's list of validated Scandinavian service providers.
- PA DSS certified in 2008 as the first and only company in Denmark - and among the first 14 in the world.