The PA-DSS and Beyond
To get your product to market, you need to demonstrate that it's both compliant and secure. For many applications, that means getting listed as a PA-DSS validated application by the PCI SSC. But what if your solution doesn’t yet fit the current, fairly narrow definition of a ‘payment application’? Increasingly, software developers and service providers are looking for independent tests and assessment reports to verify marketing claims.
The PA-DSS Assessment: More than a Listing
If your solution is a payment application, it needs to be tested and validated against the Payment Application Data Security Standard (PA-DSS). Most Coalfire customers, however, want more than an assessment report. They need a partner while they are designing and building the application so they can avoid expensive re-work later on. They need a Report on Validation that gets accepted by the Council upon its first submission. They also need a partner who is available to help in design meetings and can create and file ‘no impact’ reports for major updates that don’t need to be re-tested.
Not everything is a payment application, and many new technologies (e.g., mobile devices, encryption solutions, and more) aren’t and won’t be listed by the PCI SSC. But many technology buyers are still looking for independent assessments before they implement new devices, technologies or services that interact with their IT infrastructure.
To bridge this gap, Coalfire conducts tests and develops position papers and audit reports suitable for sharing with customers and other third-party assessors. These tests verify marketing claims and are co-branded by Coalfire, the most trusted independent assessors in the industry.