
PAYMENT CARD ASSESSMENT

PCI DSS, PA-DSS, and PCI P2PE Validations


Webinar Replay: PA-DSS and App Security

Security risks associated with payment applications have never been greater or more publicized. Get expert insight into PA-DSS and application penetration testing, the requirements, where they apply, how they play a role in securing payment applications and much more.


PCI DSS VALIDATION

The PCI DSS applies to all entities, both service providers and merchants, that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. Our professionals utilize the current PCI DSS including the testing methodology, prioritized approach, quality assurance standards, and other reporting procedures set forth by the PCI Council.


PA-DSS VALIDATION

A PA-DSS validation ensures payment authorization security. The standards for authorization are maintained by the PCI Security Standards Council. A PA-DSS Qualified Security Assessor, Schellman provides a thorough payment application review so you can be sure your technology is PA-DSS compliant. Testing can occur either on-site or from one of Schellman's laboratories.


PCI P2PE VALIDATION

P2PE makes payment card data unreadable — and less valuable — until it reaches a secure decryption environment. Protect your company and your customers' data with a P2PE Qualified Security Assessor like Schellman. Our experts provide your company with validation of its secure hardware-based point-to-point encryption solutions. Schellman provides both QSA and PA-QSA P2PE services.


SCOPING ASSESSMENT

Schellman will conduct interviews and review network, data flow documentation, and configuration information to help the client determine where cardholder data may exist. Additionally, they will review network diagrams and configurations to identify segmentation utilized to reduce the scope of an assessment, and will document and confirm the scope for a subsequent PCI annual on-site validation.

READINESS ASSESSMENT

Schellman will evaluate proposed architectures for alignment with the PCI and perform a high-level review of key controls in place. They will identify gaps and provide feedback on common “problem areas” for PCI including encryption, application development, logging, and policy management.

ANNUAL ON-SITE VALIDATION

Schellman will conduct a thorough assessment against the current PCI DSS based on a defined testing methodology and quality assurance standards. They will issue a formal Report on Compliance (ROC) and Attestation of Compliance (AOC) for PCI assessments and Reports of Validation (ROV) and Attestations of Validation (AOV) for PA-DSS and P2PE engagements.