Information Security Consulting Firm Among First Eight USA-Certified
Payment Application Qualified Security Assessors
Minneapolis, October 23, 2008 — NetSPI, a Minneapolis-based information-security
consulting firm, has announced that it is among the first eight companies to be certified by
the Payment Card Industry Security Standards Council (PCI SSC) to use a new standard
to assess and validate the payment software applications used by merchants and agents in
handling credit and debit card transactions.
The new standard, called Payment Application Data Security Standard, or PA-DSS,
is part of the continuing battle to stay ahead of cyber-criminals who try to steal
sensitive information electronically. Based on the Payment Applications Best Practices
(PABP) that was developed by Visa, PA-DSS went into effect October 15, 2008.
The standard lays out in detail what should be done by developers and users of
payment software to guard against data breaches.
Deke George, NetSPI CEO, said, "We are proud to be among the handful of firms
that have already been certified in PA-DSS. We can begin immediately to help organizations
comply with and take advantage of this new standard."
NetSPI can now help clients with the following:
- Initial certification of the PA-DSS application.
- Recertification of applications or certifications of new releases.
- Assistance in migrating applications previously validated under PABP.
- Helping participants in the payment chain understand how PA-DSS integrates with PCI-DSS.
In the PCI arena, NetSPI is already a Qualified Security Assessor (QSA) and an
Approved Scanning Vendor (ASV), certified to perform both the on-site audit and the
quarterly network scans required of merchants and service providers. Previously,
NetSPI had received certification as a PABP auditor.
NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies.
More information is available at www.netspi.com.