Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

  • Applies to any organization involved in payment card processing
  • The minimum set of requirements for protecting account data
  • Validation and reporting requirements defined by payment brands


Report on Compliance (RoC)


Attestation on Compliance (AoC)


Qualified Security Assessor (QSA)

PCI-SSF Is the Future of PA-DSS

Payment Application – Data Security Standard (PA-DSS) was designed specifically for payment applications used in a Payment Card Industry- Data Security Standard (PCI-DSS) environment.

The PCI Software Security Framework extends beyond this function to address the overall resiliency of your software security.
  • Validated applications help maintain PCI DSS compliance
  • Two standards applicable to applications (licensed or off-the-shelf) and software development companies.
  • Non-applicable to in-house, single-customer, or mobile applications

Advantio now joins the Elite List of PCI SSF Assessors
  • We are listed as a Payment Card Industry – Software Security Framework (PCI SSF) Assessor company by the PCI Security Standards Council
  • We are amongst the only 24 companies in the world to hold this certification

As further information is published by PCI Security Standards Council, Advantio looks forward to solving all your PCI SSF requirements "on time and on budget."


Remediation and Technological Support


Report on Validation (RoV)


Attestation on Validation (AoV)

Payment Card Industry 3-D Secure (PCI 3DS)

The PCI 3DS standard defines physical and logical security requirements and assessment procedures for entities performing or providing 3DS functions. The PCI 3DS comprises a minimum set of requirements for protecting 3DS sensitive data, based on 14 principles structured into more than 200 requirements.

The standard applies to all entities which provide the following functions:
  • 3DS Server (3DSS)
  • 3DS Directory Servicer (DS)
  • 3DS Access Control Server (ACS)


Formal Assessment of Compliance


3DS Report on Compliance (RoC)


3DS Attestation on Compliance (AoC)

Payment Card Industry Point-to-Point Encryption (PCI P2PE) / NESA

P2PE (and NESA) defines the requirements and testing procedures for point-to point-encryption (and non-listed encryption security). Encryption strengthens customer's account data from the point of interaction (within the encryption environment where account data is captured) to the point of decrypting that data inside the decryption environment, effectively removing clear-text account data between these two points. P2PE applies to P2PE solution providers, payment application vendors or component providers

P2PE component providers may validate the following service they provide:

Encryption Management Services (EMS)
  • Encryption Management Component Provider (EMCP)
  • POI Deployment Component Provider (PDCP)
  • POI Management Component Provider (PMCP)

Decryption Management Services (DMS)
  • Decryption Management Component Provider (DMCP)

Key Management Services (KMS)
  • Key Injection Facility (KIF)
  • Key Management Component Provider (KMCP)
  • Key Loading Component Provider (KLCP)
  • Certification Authority/Registration Authority (CA/RA)


6 Domains, more than 1500 Requirements


Report on Validation (P-RoV)


Attestation on Validation (P-AoV)


Remediation and Technological Support


Industry Standard Encryption Requirements

Payment Card Industry PIN Security (PCI PIN)

The PCI PIN Security standard contains a complete set of requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payments card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.

  • PIN Security applies to all entities involved in PIN processing including ATM and POS transactions
  • Validation and reporting requirements are defined by payment brands
  • PIN Security assessments must be performed by PCI validated QPA companies


7 Control Objectives, more than 300 Requirements


PIN Security Report on Compliance (RoC)


PIN Security Attestation on Compliance (AoC)

Payment Card Industry Token Service Providers (PCI TSP)

The PCI TSP is a Payment Card Industry standard for entities providing services as a Tokenization Service Provider. A TSP is an entity that provides registered token requestors, such as merchants holding the card credentials, with ‘surrogate’ PAN (Primary Account Number) values (or ‘payment tokens’). These tokens can only be used in specific domains such as the merchant's website or more recently in pre-defined channels such as via a mobile device to make an NFC (near field communication) payment.

  • Applies to all entities performing services as a Tokenization Service Provider
  • Validation and report requirements defined by payment brands
  • Assessments to be provided by QSA (P2PE 'Point-to-Point Encryption')




TSP Report on Compliance (RoC)


TSP Attestation on Compliance (AoC)



Tell us more about you and one of our experts will call you back