PA DSS standard

To improve the safety of consumer data and trust in the payment ecosystem, a set of standards for data security was created. One of these is the PA DSS (Payment Application Data Security Standard), which defines the security requirements for software that processes payment cards. This standard ensures that sensitive cardholder data is protected against unauthorized use. All software that is used for reading payment cards must be certified according to PA DSS requirements.

More information about the protocol used in bank card servicing equipment can be found in the Implementation Guide AsyncPOS.

PCI DSS standard

Another important requirement that applies to all entities that store, process, or transmit cardholder data and/or sensitive authentication data is the PCI DSS (Payment Card Industry Data Security Standard). This standard defines the level of consumer protection and helps reduce fraud and data breaches.
Depending on the volume of payment card transactions processed during a 12-month period, there are 4 levels of PCI compliance and corresponding requirements.

  • Level 1 applies to service providers and organizations that process more than 6 million transactions of Visa or MasterCard payment cards per year. These companies must carry out an independent PCI audit every year.
  • Level 2 applies to organizations that process 1-6 million payment transactions per year. They are required to have an independent annual assessment of compliance with the PCI DSS requirements.

The main benefits of the EPS LT payment card solution:

  • Ensures reliable and secure provision of card payment services.
  • Simplifies the PCI DSS certification process for the merchant.
  • Allows the merchant to reduce the cost of PCI DSS certification up to 5 times.

The table below shows the PCI DSS requirements which are not obligatory when using the EPS LT payment card solution.

 

| No. | PCI DSS requirements | Obligatory?* |
|-----|----------------------|--------------|
| 1 | Control computer network firewall to secure card owner information | no |
| 2 | Do not use standard or easy to guess passwords | no |
| 3 | Secure card owner information | yes |
| 4 | Fixate card data which is sent over public computer networks | no |
| 5 | Use and constantly update antivirus systems | no |
| 6 | Install and maintain network safety systems | no |
| 7 | Limit the access to card data | no |
| 8 | Grant unique login information for every computer | no |
| 9 | Limit physical access to card data | yes |
| 10 | Track all access to computer network and card data | no |
| 11 | Constantly test safety systems | no |
| 12 | Install and constantly update informatic safety documentation | yes |

*Information is based on the PCI DSS certification experience of EPS LT clients. The final decision on which requirements are mandatory is made by the auditor (PCI QSA).