

PA-DSS Certification

A PA-DSS validation assessment is evidence that an application processes cardholder data securely and can be deployed in a PCI DSS certified information infrastructure. Digital Security holds PA-QSA status, which enables the company to offer payment application certification services in accordance with PA-DSS requirements. The company also has its own Research Center, which has extensive expertise in application security analysis and enjoys international recognition.

Validation Stages

1. Preliminary application analysis

  • Documentation analysis and interviews with the client’s employees
  • Analysis of software development process
  • Preliminary assessment of PA-DSS compliance
  • Application security assessment according to the Digital Security Research Group Business Application Security Analysis Methodology
  • Preparation of recommendations for adjusting the application to PA-DSS requirements

2. Consulting during adjustment of the application to PA-DSS requirements

  • Consulting the client’s employees while the application is adjusted to PA-DSS requirements
  • Consulting the client’s employees while the Application Implementation Guide is prepared
  • Training payment application developers in secure software development methods
  • Preparation of an Implementation Guide that meets PA-DSS requirements
  • Preparation of regulatory documentation in accordance with PA-DSS requirements
  • Control checks while the application is adjusted to PA-DSS requirements

3. Validation of the application’s PA-DSS compliance

  • Validation assessment of the Implementation Guide
  • Validation assessment of software development process
  • Validation assessment of application security in the testing laboratory
  • PA-DSS compliance validation assessment
  • Preparation of the Report on Validation

Applied Methodology

  • PA-DSS Requirements and Security Assessment Procedures is the methodology developed and approved by PCI SSC. The assessment procedure is strictly regulated and describes in detail the actions of a PA-QSA, who assesses payment applications and the development process. The summary is given with reference to documentation analysis, employee interviews and an application security assessment under testing laboratory conditions.
  • Digital Security Research Group Business Application Security Analysis Methodology. This methodology is the product of the company’s rich experience in the security analysis of applications such as ERP, computer-assisted banking systems, web applications, data storage management systems and other applications that differ in functionality and complexity. The approach is based on generally accepted methods of application research described in PCI DSS Requirements and Security Assessment Procedures, OWASP Testing Guide, WASC Threat Classification and PA-DSS Requirements and Security Assessment Procedures, and is supplemented with the expertise gained in various security assessment projects carried out as part of DSecRG research work.

Validation Results

The payment application developer is given all the documentation necessary for the application to be placed on the List of Validated Payment Applications on the PCI Security Standards Council website.

Once a payment application has been assessed for compliance with the Payment Application Data Security Standard (PA-DSS), as evidenced by the corresponding Report on Validation (ROV), the developer gains an incontestable competitive advantage, which opens the way to the market of applied systems for processors, service providers and different merchants, including e-commerce.

Obtaining a PA-DSS Attestation of Validation has become a high priority, because Visa and MasterCard, the international payment brands, have set July 1, 2010 as the deadline for payment card industry participants to move to certified applications only.

Please contact us at services@dsecrg.com





© 2002—2012, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail: research@dsecrg.com