PA-DSS is the global security standard for applications that manage payments with debit, credit and prepaid cards. It has a strong impact on the organizational and administrative processes related to the software life cycle, for which the supplier must provide evidence of awareness and accomplishment.
The main objective of this standard is to prevent payment applications developed by third parties from inadequately protecting the card PAN or from storing sensitive data (such as track data and equivalent chip data, validation code and PIN / PIN Block) more than necessary. At the same time, the standard lays the basis for developing payment software in compliance with the Payment Card Industry Data Security Standard (PCI DSS), facilitating certification.
The impact on the code, which must manage cardholder data and sensitive data appropriately, is only one part of the PA-DSS compliance requirements.
The supplier is also asked to provide evidence on:
To enable its customers to achieve and maintain compliance with PCI-DSS in the best possible way, TAS Group has identified a modular solution that covers international payment card schemes, domestic schemes (BANCOMAT and PagoBANCOMAT), the Postamat circuit and the protection of cardholders' personal data.
The solution is applicable regardless of the platform and functionality of the products and is compliant with the PA-DSS requirements.
TAS Group completed a self-assessment of its PA-DSS preparation and predisposition, which affects both the software development business processes and the products.
Both activities are preparatory to the validation of the products by a PA-QSA (Payment Application Qualified Security Assessor).