PA DSS – technological standards
To ensure the safety of user data, the requirements for payments by payment card have been tightened. Currently, the most relevant requirement for card reader equipment is the PA DSS (Payment Application Data Security Standard). It is a requirement created by a board of VISA, MasterCard and other corporations, and it defines the security requirements for software used to process bank payment cards. This certificate ensures that important client data is safe from illegal usage or theft. From 2012-07-01, all bank card service equipment used in the Baltic countries must be certified according to the PA DSS requirements.
For more information about the protocol used in card reader equipment, please follow the link Implementation Guide AsyncPOS T.
PCI DSS – technological and process standards
The PCI DSS (Payment Card Industry Data Security Standard) sets the requirements for companies that accept, transfer, process, etc. bank card payments, and for retail merchant and service companies:
- 1st level, i.e. merchant and service companies servicing over 6 000 000 bank cards per year, must be independently audited and must repeat the audit every year, from 30.09.2010;
- 2nd level, i.e. merchant and service companies servicing from 1 000 000 to 6 000 000 bank cards per year: a formal certification date has not yet been determined. However, fines or other sanctions may be applied from 30.09.2009 if data prohibited by the PCI DSS requirements is found in the system. In the future, 2nd level merchant organizations must undergo the independent security audit as well.
Benefits of the bank payment card solution offered by EPS LT
- Reduced expenses of PCI DSS certification;
- Using the EPS LT solution, merchant and service companies can save up to five times;
- This is one of the most modern and advanced solutions operating in 5 countries.
The table below shows which PCI DSS requirements are not obligatory when using the EPS LT bank card service solution.
| No. | PCI DSS requirements | Obligatory?* |
|---|---|---|
| 1 | Control computer network firewall to secure card owner information | no |
| 2 | Do not use standard or easy to guess passwords | no |
| 3 | Secure card owner information | yes |
| 4 | Fixate card data which is sent over public computer networks | no |
| 5 | Use and constantly update antivirus systems | no |
| 6 | Install and maintain network safety systems | no |
| 7 | Limit the access to card data | no |
| 8 | Grant unique login information for every computer | no |
| 9 | Limit physical access to card data | yes |
| 10 | Track all access to computer network and card data | no |
| 11 | Constantly test safety systems | no |
| 12 | Install and constantly update information security documentation | yes |
*Information is based on the PCI DSS certification experience of an EPS LT client. The final decision on which requirements are mandatory is made by the PCI QSA auditor.