Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

  • Applies to any organization involved in payment card processing
  • The minimum set of requirements for protecting account data
  • Validation and reporting requirements defined by payment brands

LEARN MORE

E_01

Report on Compliance (RoC)

E_23

Attestation on Compliance (AoC)

A_04-1

Qualified Security Assessor (QSA)

GET IN TOUCH

Read More on our Blog: PCI DSS

PCI-SSF Is the Future of PA-DSS

Payment Application – Data Security Standard (PA-DSS) was designed specifically for payment applications used in a Payment Card Industry- Data Security Standard (PCI-DSS) environment.

The PCI Software Security Framework extends beyond this function to address the overall resiliency of your software security.
  • Validated applications help maintain PCI DSS compliance
  • Two standards applicable to applications (licensed or off-the-shelf) and software development companies.
  • Non-applicable to in-house, single-customer, or mobile applications

Advantio now joins the Elite List of PCI SSF Assessors
  • We are listed as a Payment Card Industry – Software Security Framework (PCI SSF) Assessor company by the PCI Security Standards Council
  • We are amongst the only 24 companies in the world to hold this certification


As further information is published by PCI Security Standards Council, Advantio looks forward to solving all your PCI SSF requirements "on time and on budget."

GET IN TOUCH

E_16

Remediation and Technological Support

E_10

Report on Validation (RoV)

E_23

Attestation on Validation (AoV)

GET IN TOUCH

Read More on our Blog: PCI S3

Payment Card Industry 3-D Secure (PCI 3DS)

The PCI 3DS standard defines physical and logical security requirements and assessment procedures for entities performing or providing 3DS functions. The PCI 3DS comprises a minimum set of requirements for protecting 3DS sensitive data, based on 14 principles structured into more than 200 requirements.

The standard applies to all entities which provide the following functions:
  • 3DS Server (3DSS)
  • 3DS Directory Servicer (DS)
  • 3DS Access Control Server (ACS)

GET IN TOUCH

E_09

Formal Assessment of Compliance

E_07

3DS Report on Compliance (RoC)

E_23

3DS Attestation on Compliance (AoC)

GET IN TOUCH

Read More on our Blog: PCI 3DS

Payment Card Industry Point-to-Point Encryption (PCI P2PE) / NESA

P2PE (and NESA) defines the requirements and testing procedures for point-to point-encryption (and non-listed encryption security). Encryption strengthens customer's account data from the point of interaction (within the encryption environment where account data is captured) to the point of decrypting that data inside the decryption environment, effectively removing clear-text account data between these two points. P2PE applies to P2PE solution providers, payment application vendors or component providers

P2PE component providers may validate the following service they provide:

Encryption Management Services (EMS)
  • Encryption Management Component Provider (EMCP)
  • POI Deployment Component Provider (PDCP)
  • POI Management Component Provider (PMCP)

Decryption Management Services (DMS)
  • Decryption Management Component Provider (DMCP)

Key Management Services (KMS)
  • Key Injection Facility (KIF)
  • Key Management Component Provider (KMCP)
  • Key Loading Component Provider (KLCP)
  • Certification Authority/Registration Authority (CA/RA)

LEARN MORE

E_13

6 Domains, more than 1500 Requirements

E_18

Report on Validation (P-RoV)

E_03

Attestation on Validation (P-AoV)

A_04-1

Remediation and Technological Support

A_35

Industry Standard Encryption Requirements

LEARN MORE

Payment Card Industry PIN Security (PCI PIN)

The PCI PIN Security standard contains a complete set of requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payments card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.

  • PIN Security applies to all entities involved in PIN processing including ATM and POS transactions
  • Validation and reporting requirements are defined by payment brands
  • PIN Security assessments must be performed by PCI validated QPA companies

LEARN MORE

E_17

7 Control Objectives, more than 300 Requirements

E_10

PIN Security Report on Compliance (RoC)

E_11

PIN Security Attestation on Compliance (AoC)

LEARN MORE

Read More on our Blog: PCI PIN

Payment Card Industry Token Service Providers (PCI TSP)

The PCI TSP is a Payment Card Industry standard for entities providing services as a Tokenization Service Provider. A TSP is an entity that provides registered token requestors, such as merchants holding the card credentials, with ‘surrogate’ PAN (Primary Account Number) values (or ‘payment tokens’). These tokens can only be used in specific domains such as the merchant's website or more recently in pre-defined channels such as via a mobile device to make an NFC (near field communication) payment.

  • Applies to all entities performing services as a Tokenization Service Provider
  • Validation and report requirements defined by payment brands
  • Assessments to be provided by QSA (P2PE 'Point-to-Point Encryption')

GET IN TOUCH

A_04-1

QSA P2PE

E_14

TSP Report on Compliance (RoC)

E_11

TSP Attestation on Compliance (AoC)

GET IN TOUCH

expert

BOOK AN EXPERT

Tell us more about you and one of our experts will call you back
Advantio-Integrity360_white

Your Trusted Security Partner. On Time & On Budget.

Copyright © 2023. All Rights Reserved.
PCI Solutions
Services
Technology
Resources