Secure Networks - PCI DSS

PCI DSS - One-stop consultation, certification and realisation from SRC

SRC is accredited by the PCI Data Security Standards Council (PCI SSC) as a Qualified Security Assessor (QSA) and is permitted to perform audits according to the PCI Data Security Standard (PCI DSS). Additionally, as an Approved Scanning Vendor (ASV), SRC is authorised to perform PCI DSS security scans and is therefore able to support companies throughout the entire PCI certification process.

... Prior to the Audit: Strategic consultation on realisation processes

Besides a pragmatic certification procedure that tries to reduce the effects of PCI DSS on your business processes as far as possible, we offer individual services around PCI DSS (e.g. running workshops or designing solutions) to banks, acquirers, Payment Service Providers (PSP), Data Storage Entities (DSE) and merchants. An essential goal is to find solutions together that reduce the impact of PCI DSS on your systems. Our experience from a multitude of consulting projects, a pragmatic approach and a willingness to consider unorthodox measures enable us to implement the requirements of the PCI DSS in a way that is economically reasonable.
Our good relations with the payment schemes allow us to support companies in gaining compliance, including companies that were not initially in the focus of PCI DSS and for which the interpretation of PCI DSS and its scope is especially challenging.

Payment Application Data Security Standard (PA-DSS)

The Payment Application Data Security Standard (PA-DSS) originated in, and replaces, the Payment Application Best Practices. The PA-DSS is directed towards businesses that develop software that can be used for processing credit card data. Examples of software products that are accredited according to the PA-DSS are web shop software, payment solutions and customer management systems.
The intention of PA-DSS is to support software producers in developing secure applications, as well as to secure sensitive data (e.g. credit card data). PA-DSS accredited merchants can assure their clients that the software used meets the requirements of the standard.
SRC is accredited by the credit card organisations MasterCard and Visa as a Payment Application Qualified Security Assessor (PA-QSA) to conduct software audits according to the payment application standard. If you want to give your customers the possibility of obtaining a PCI DSS certification by means of your software, a PA-DSS certification allows you to pass this advantage on to your customers and to differentiate yourself from your competitors.

Examples of use

  • A big merchant wants to reduce the impact of the PCI DSS as much as possible. SRC analyses the applications and business areas that include data relevant to the PCI DSS and designs a concept for the reduction of such processes and applications.
  • A manufacturer of POS systems wants to make its products compliant with PCI DSS. SRC assists in defining the requirements.
  • An issuing and acquiring processor wants to be audited according to PCI DSS. SRC provides an individually designed concept for step-by-step auditing, coordinates the procedure with the payment schemes and the PCI DSS, and carries out the audit according to the previously defined approach.

Further Information

PCI DSS Newsletter

SRC has successfully started its free newsletter about PCI DSS on July 1st. If you are interested in the latest news about the Data Security Standard and have not subscribed so far, just send a mail to pci-news[at]src-gmbh.de with the subject "subscribe".

SRC Case Study

Due to its long-standing experience, combined know-how and efficiency in the field of physical and logical audits, SRC has gained a high level of confidence from its customers. Apart from the cost savings that are achieved by combining the audits, we strive to demonstrate to our customers the ongoing significance of the PCI standard and its implications, so that they feel increasingly confident in handling cardholder data and consequently manage to strengthen their company's position in the market. In 2008, SRC compiled a case study that clarifies the importance SRC attaches to its role as a negotiator between its customers and the credit card organisations.

References

SRC coaches large national and international acquirers in the implementation of the PCI Data Security Standards. SRC supports a total of about 50 service providers in gaining a PCI DSS certification; among these are well-known companies with which SRC has cooperated closely for a long time.

Montrada
Information
Thilo W. Pannen
Manuel Atug


Telephone: +49(0)228 / 2806 - 166
Fax: +49(0)228 / 2806 - 199