What is PA-DSS?
Organisations that create applications which process payment card data and deliver authorisation or settlement functions may be required to go through PA-DSS (Payment Application Data Security Standard) validation. PA-DSS is a highly specialised subsection of the Payment Card Industry Data Security Standard (PCI DSS) that focuses on the core of payment card processing: the application that handles the card data itself.
The recommended approach for organisations embarking on PA-DSS compliance is to have a formal Gap Analysis. During this exercise Nettitude measures an organisation’s payment application against the requirements defined in the PA-DSS.
A Gap Analysis typically involves a Nettitude PA-QSA travelling to an organisation’s offices and conducting a provisional assessment of the application. This exercise identifies the areas where the application is compliant and those where it is not. Additionally, Nettitude reviews user guides, implementation guides and all other documents that are required for PA-DSS compliance.
The Gap Analysis is effectively a backward-facing assessment of the application, measured against what the Payment Card Data Security Standard requires.
Using this data Nettitude will produce the following documents:
- A high level review of the Payment Application.
- Identification of all inputs and outputs from the application.
- A detailed report itemising areas of compliance and non-compliance.
As part of the Gap Analysis, Nettitude will also provide a forward-facing roadmap describing how the gaps can be bridged. This document provides strategic guidance on how to enhance the application and process card data in a more secure manner. At the same time, Nettitude will produce a defined project plan with key milestones that can realistically be achieved.
PA-DSS assessment relies heavily on penetration testing, code review and forensic techniques to unearth the innermost workings of a payment application. Nettitude has one of the strongest pedigrees in the industry within these subject matter areas, and has been operating at the pinnacle of the penetration testing industry for a number of years.
Nettitude’s pragmatic advice and guidance, combined with its strong project management abilities, make it the partner of choice for many organisations pursuing both PCI DSS and PA-DSS compliance.