The Payment Application Data Security Standard (PA DSS) applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. T3i is a Payment Application - Qualified Security Assessor Company certified by the Payment Card Industry Security Standards Council.
T3i’s PA DSS Certification engagement focuses on assessment, remediation, and certification of the client’s Payment Application. T3i’s collaborative approach aligns the organization’s payment application development efforts with technology according to the PA-DSS.
OUR APPROACH TO PA DSS CERTIFICATION
Outlined below are the key activities, deliverables, and milestones for ensuring the organization’s PA DSS compliance and certification.
Phase I: PA DSS Project Definition and Scope
- Executive review of the PA-DSS standard and the necessary requirements for compliance
- Executive review of T3i’s PA DSS assessment, approach and deliverables
- Identification of key personnel, project timeline and milestones
Phase II: PA DSS Gap Analysis
- Review and analysis of current payment application design, procedures, and functionality
- Identification of debit/credit (i.e., payment) Transaction Logical and Physical Flow
- Review of Software Development Life Cycle (SDLC) and Implementation Guide
- Identification and analysis of all significant third-party outsourcers related to the payment application
- Creation of Gap Analysis report
Phase III: PA DSS Remediation, Consultation & Implementation
- Joint review of the PA DSS Gap Analysis findings and recommendations
- Creation of remediation and implementation project plan
- Organizational remediation of identified deficiencies or issues regarding PA DSS compliance
Phase IV: PA DSS Assessment and Reporting
- Application Lab testing
- Generation of Report of Validation
- Submission of Report of Validation to the PA-DSS for listing approval
Additional Services:
- Software Development Life Cycle (SDLC) Policy and Procedure Development
- Implementation Guide Development
- Third Party Source Code Review