Payment Card Industry (PCI) consultancy
ELITT offers customized courses and consultancy for clients that want to know more about the Payment Card Industry (PCI) standards, need help assessing the impact of these standards on their business, or require advice on implementing the PCI Data Security Standard (DSS) requirements. Depending on the exact scope of activities and the type of data handled or stored within an organization's network, different PCI standards apply:
- PCI DSS applies to all entities that store, process or transmit cardholder data. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS compliance is supported by PCI PTS and PA-DSS certification (see below).
- The Payment Application Data Security Standard (PA-DSS) applies to software vendors and others who develop payment applications that store, process or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed or licensed to third parties. Payment software running on terminals and POS systems falls under PA-DSS, as do software payment applications for online sales; the PIN-entry hardware itself is covered by PCI PTS.
- Payment Card Industry PIN Transaction Security (PCI PTS) defines the security requirements for PIN entry, offline PIN verification and online transmission of PIN data. The requirements are presented in four manuals covering the following modules:
  - Encrypting PIN Pads (EPP): defines the PIN security requirements for terminals and ATMs
  - Point of Sale PIN Entry Devices (POS-PED): defines a range of logical and physical security requirements for POS devices
  - Unattended Payment Terminals (UPT): describes all security obligations applicable to unattended terminals (other than ATMs) that allow PIN entry
  - Hardware Security Modules (HSM): defines security requirements for the physical and logical design of HSMs, as well as for their manufacturing process and installation

Even though most companies are not directly affected by every standard described above, truly understanding the cost, schedule impact and importance of the PCI standards and recommendations requires seeing the architecture and its implementation as a whole. ELITT specializes in presenting the PCI standards as an enterprise project, particularly for banking applications, ELITT's historical field of activity. These overview courses typically take one to two full days.