Solutions that are used in the authorisation or settlement process of a card transaction and that process, transmit or save card data are referred to as payment applications. A payment application must meet the SSF requirements and be able to demonstrate its SSF compliance to customers who use the software. Evidence is provided by listing as a certified application by the PCI Council. The software manufacturer proves its SSF compliance for listing by means of an audit by a Qualified Security Assessor (QSA).
Support in all phases of a PA-DSS project through sucessful validation
We explain the SSF requirements and convey the basic knowledge required to run a SSF validation project in our workshops and consultation meetings. We support management, departments and technical experts with our experience in SSF projects.
By means of gap analyses and workshops, we work with you to clarify the implementation measures required to meet the SSF requirements. You therefore have a picture of the extent of the work required to achieve SSF compliance.
Using the information from the analyses, you can then implement the essential measures. We support you with advice, help you to take the right steps to implement them in your company and software development cycle to align your application with the standards.
VALIDATION & CERTIFICATION
Following successful implementation of the adaptations, we carry out the validation audit with you and draw up the necessary audit reports. An application is then made for listing with the PCI Council, and you receive a certificate from us confirming successful completion of the validation.
We understand the situation and particular framework conditions of our clients. With our many years of experience in the validation of various industry solutions, our staff and auditors support software manufacturers with their industry experience and expertise. Here are some examples.
The terminal application of a payment terminal must satisfy the SSF requirements, so that the application demonstrates that it can be used in a PCI DSS-compliant environment.
Hotel software solutions (PMS) frequently handle payment processes in software modules or process card data. Solution providers must demonstrate to their customers that the solution can be operated in compliance with PCI requirements by means of a SSF validation.
Parking Garage Solutions
Car parks use essential software components to handle payment transactions in parking management. Fulfilment of the PCI requirements is an important component in selling these solutions worldwide. Proof of SSF conformity of the software components concerned is an important factor in this context.
Software terminals integrate payment functions in check-out systems as an application in many areas. The solutions are flexible to use and can be integrated into a wide range of check-out landscapes. With SSF approval, you can demonstrate conformity for use in a PCI environment. For use in a P2PE solution you can demonstrate conformity by a PA-P2PE validation.