PA DSS – technological standards

To protect user data, the requirements for payments by payment cards have been tightened. Currently, the most relevant requirement for card reader equipment is the PA DSS (Payment Application Data Security Standard). It is a requirement created by a board of VISA, MasterCard and other corporations, and it defines the security requirements for the software used to process bank payment cards. This certification ensures that important client data is protected from illegal use or theft. From 2012-07-01, all bank card service equipment used in the Baltic countries must be certified according to PA DSS requirements.

PCI DSS – technological and process standards

The PCI DSS (Payment Card Industry Data Security Standard) sets the requirements for companies that accept, transfer, process or otherwise handle bank card payments, and for retail merchant and service companies:

  • 1st level: merchant and service companies servicing over 6 000 000 bank cards per year must be independently audited, and must repeat the audit every year, from 30.09.2010;
  • 2nd level: a formal certification date has not yet been determined for merchant and service companies servicing from 1 000 000 to 6 000 000 bank cards per year. However, fines or other sanctions may be applied from 30.09.2009 if data prohibited by the PCI DSS requirements is found in the system. In the future, 2nd level merchant organizations must undergo the independent security audit as well.

Benefits of the bank payment card solution offered by EPS LT

  • Reduced expenses for PCI DSS certification;
  • By using the EPS LT solution, merchant and service companies can save up to five times;
  • This is one of the most modern and advanced solutions, operating in 5 countries.

The table below shows which PCI DSS requirements are not obligatory when using the EPS LT bank card service solution.

No.  PCI DSS requirements  Obligatory?*
1  Control computer network firewall to secure card owner information  no
2  Do not use standard or easy to guess passwords  no
3  Secure card owner information  yes
4  Encrypt card data which is sent over public computer networks  no
5  Use and constantly update antivirus systems  no
6  Install and maintain network safety systems  no
7  Limit the access to card data  no
8  Grant unique login information for every computer  no
9  Limit physical access to card data  yes
10  Track all access to computer network and card data  no
11  Constantly test safety systems  no
12  Install and constantly update information security documentation  yes

*Information is based on the PCI DSS certification experience of an EPS LT client. The final decision on whether a requirement is mandatory is made by the PCI QSA auditor.