PA DSS standard
To improve the security of consumer data and trust in the payment ecosystem, a set of data security standards was created. One of these is the PA DSS (Payment Application Data Security Standard), which defines the security requirements for software that processes payment cards. This standard ensures that sensitive cardholder data is protected against unauthorized use. All software used for reading payment cards must be certified according to the PA DSS requirements.
More information about the protocol used in bank card servicing equipment can be found in the Implementation Guide AsyncPOS.
PCI DSS standard
Another important requirement that applies to all entities that store, process, or transmit cardholder data and/or sensitive authentication data is the PCI DSS (Payment Card Industry Data Security Standard). This standard defines the level of consumer protection and helps reduce fraud and data breaches.
Depending on the volume of payment card transactions processed during a 12-month period, there are 4 levels of PCI compliance, each with corresponding requirements.
- Level 1 applies to service providers and organizations that process more than 6 million Visa or MasterCard payment card transactions per year. These companies must undergo an independent PCI audit every year.
- Level 2 applies to organizations that process 1-6 million payment transactions per year. They are required to have an independent annual assessment of compliance with the PCI DSS requirements.
The main benefits of the EPS LT payment card solution:
- Ensures reliable and secure provision of card payment services.
- Simplifies the PCI DSS certification process for the merchant.
- Allows the merchant to reduce the cost of PCI DSS certification up to 5 times.
The table below shows which PCI DSS requirements are not obligatory when using the EPS LT payment card solution.

| No. | PCI DSS requirement | Obligatory?* |
|-----|---------------------|--------------|
| 1 | Control the computer network firewall to protect cardholder information | no |
| 2 | Do not use default or easy-to-guess passwords | no |
| 3 | Protect stored cardholder information | yes |
| 4 | Encrypt card data that is sent over public computer networks | no |
| 5 | Use and regularly update antivirus systems | no |
| 6 | Install and maintain network security systems | no |
| 7 | Restrict access to card data | no |
| 8 | Assign unique login credentials for every computer | no |
| 9 | Restrict physical access to card data | yes |
| 10 | Track all access to the computer network and card data | no |
| 11 | Regularly test security systems | no |
| 12 | Maintain and regularly update information security documentation | yes |
*Information is based on the PCI DSS certification experience of EPS LT clients. The final decision on which requirements are mandatory is made by the PCI QSA auditor.