The widely used security standard, PCI DSS, now has a sister standard called PA DSS (Payment Application Data Security Standard), which is designed to make payment applications more secure. The credit card companies are hereby addressing one of the weakest links in the PCI chain in order to achieve the necessary degree of card security in the many physical as well as electronic retail stores.
 
FortConsult is one of just a handful of Scandinavian enterprises - out of 39 on a global scale - that has been certified by the credit card companies to test security in payment software in accordance with PA DSS. The major investment required, which includes a new test lab, is seen by FortConsult as a logical step in the enterprise's endeavours to cement its leading position in the PCI area in Europe.
 
The credit card companies, led by VISA and MasterCard and their common organisation the PCI Council, have launched a new security standard designated PA DSS, which follows in the wake of the extensively used sister standard, PCI (Payment Card Industry). Whilst PCI DSS concerns enterprises that handle credit card transactions, PA DSS applies to enterprises that develop or install payment software and Dankort solutions that are used extensively in Danish retail outlets, banks, ATMs and e-business solutions.
 
PCI DSS was introduced in 2004 and has already been implemented to a considerable extent in the USA and Europe. Numerous enterprises are today governed by this standard, including shops, banks and payment gateways. Now it is the turn of a new standard, PA DSS, which addresses one of the weakest links in the PCI chain: security in the retail outlets' payment applications. The first American and European companies are fully engaged in the process of being PA DSS certified - e.g. integrators which develop software for cash registers and terminal suppliers which develop payment terminals for shops.
 
Certified as one of the first in Scandinavia
In order to help provide advice and vouch for security in the numerous different types of payment software that have to comply with PA DSS, the credit card companies have nominated and certified 39 security firms around the world. FortConsult is the only Danish enterprise - and one of just a handful of Scandinavian enterprises - that has applied for and successfully qualified for PA DSS certification. Ulf Munkedal, Managing Director of FortConsult, states: "We're pleased to be among the first in Scandinavia to be able to help software vendors have their payment software validated so that their customers don't risk any actions for damages being brought against them by the credit card companies if the software is hacked. Being in a position to security test payment software has required considerable investment on our part, but our long-standing experience of hacking IT systems and our foothold in the financial sector have been of great help in our efforts to get off to a good start."
 
Focus on PCI
According to Ulf Munkedal, it has been a logical decision for FortConsult to become PA DSS certified. "We have a declared goal of being a leader in the PCI area in Europe, and being capable of security testing payment software in accordance with PA DSS is a must if we wish to gain access to even more customers and new market segments both in Scandinavia and in the rest of Europe. We were among the first to be certified to carry out checks of enterprises' payment systems in accordance with PCI DSS, and since we qualified for certification in 2004 we've built up a lucrative area of business which helps to ensure that we continue to receive many enquiries from new customers throughout Europe", says Ulf Munkedal.
 
Technician's dream becomes reality
FortConsult's new test lab is up and running, and the enterprise's security consultants have undergone a comprehensive training programme in the USA in order to be ready to test the first software solutions. Ulf Munkedal: "It's extremely motivating for our technicians that they can now also test 'live' credit card systems that are coupled up to PBS and foreign banks in our new test lab. Having the chance to hack an 'ATM' is without doubt one of the most exciting tasks for a security tester today."
 
With its 26 employees, FortConsult is the largest employer of security testers in Scandinavia. With its PA DSS certification, the security enterprise hopes to achieve a further seal of approval with regard to its hacker expertise. Ulf Munkedal points out: "There's no doubt that both standards - PCI and PA - are here to stay, and that the credit card companies will do all they can to enforce compliance with these standards. For example, VISA has recently published a list of vendors that sell applications with inadequate security."
 
For further information, please contact FortConsult, Managing Director Ulf Munkedal on tel. +45 7020 7525 or +45 2172 0065.
 
FortConsult's PCI history
  • PCI DSS certified in 2004 to perform security scans as the first and only company in Scandinavia.
  • PCI DSS certified in 2005 to conduct audits as the first and only company in Scandinavia.
  • Chosen by the financial sector in Denmark to help all Danish data centres to acquire PCI DSS validation due to our early PCI DSS certification, our considerable experience in the PCI area and our extensive knowledge of the financial sector.
  • Permanent PCI DSS service provider to all Danish banks - and a number of European banks - needing PCI DSS assistance.
  • Has carried out PCI DSS tasks for some of the biggest retail chains in Scandinavia at international level.
  • Is today the leading PCI DSS service provider in Scandinavia and the Baltic. We have, for instance, PCI DSS validated more than 60 percent of the enterprises on VISA's list of validated Scandinavian service providers.
  • PA DSS certified in 2008 as the first and only company in Denmark - and among the first 14 in the world. Is today one of only a handful of PA DSS service providers in Scandinavia.
 
Facts about FortConsult A/S
FortConsult is a specialist in technical services within the field of IT security. We provide business enterprises with clear information about whether their IT systems are secure, thus enabling them to achieve better protection against security threats and the peace of mind to be able to more fully exploit their IT solutions. Our primary services are impartial security tests and security assessments in accordance with PCI DSS. Our customer group includes Air Greenland, Alm. Brand, Arla Foods, Bankdata, BEC, BRFkredit, Danske Bank, Danske Spil, DIBS Payment Services, DONG Energy, DSB, the Danish parliament, the Danish Veterinary and Food Administration, KMD, Lego Systems, Nomeco, Nordea Bank Norway, PBS, Rambøll, SIBS, TrygVesta, TDC, YesPay and many more besides.