The P2PE PA-DSS Validation and Accreditation focuses on Application Security (Domain 2) of the PCI P2PE Security Standard. This service satisfies the P2PE requirement calling for an independent assessment of the specific P2PE application that resides within the Point-of-Interaction (POI) device.
The P2PE PA-DSS Validation and Accreditation service is intended for vendors designing applications for PCI-approved POI devices as part of a P2PE solution. Applications that are suitable for this service are payment applications that have access to clear-text account data. Other applications that do not have access to clear-text account data (for example, loyalty or advertising applications) do not need to be evaluated under this service.
Our assessors hold the PCI P2PE Payment Application Qualified Security Assessor (P2PE PA-QSA) certification which demonstrates full understanding of the P2PE Standard and competency in performing the P2PE PA-DSS Validation and Accreditation service. Our assessor will validate the application against the ten requirements within Domain 2 of the P2PE Standard by interviewing key staff, reviewing relevant documentation, and evaluating software development and customer support processes. Penetration testing of the application will be done, and training will be provided to resellers and integrators if these groups are utilized.
For applications that are in full compliance with the P2PE PA-DSS, our assessor will create a P2PE PA-DSS Report on Validation and P2PE Attestation of Validation for client review and acceptance before submission to the PCI Council for approval. For applications that are not in full compliance with the P2PE PA-DSS, our assessor will create a Gap Analysis/Remediation Report indicating areas of non-compliance and mitigation guidelines for addressing deficient areas.