	RISK COMPLIANCE SECURITY
Solutions CorrelatedVM™ DEA EPCS Financial Healthcare Mobile Retail Technology Services Services Overview Strategic Security Services Vulnerability Management Risk Analysis PCI DSS / PA-DSS IT Audit Healthcare / DEA EPCS Application Security Network/Infrastructure Security Penetration Testing News NetSPI In The News Events Press Releases Resources White Papers Case Studies Presentations Webinars Company Why NetSPI Management Our Approach Certifications Partners Careers Contact Blog

News

NetSPI Among First to Gain Certification for New PA-DSS Information Security Standard

Information Security Consulting Firm Among First Eight USA-Certified Payment Application Qualified Security Assessors

Minneapolis, October 23, 2008 — NetSPI, a Minneapolis-based information-security consulting firm, has announced that it is among the first eight companies to be certified by the Payment Card Industry Security Standards Council (PCI SSC) to use a new standard to assess and validate the payment software applications used by merchants and agents in handling credit and debit card transactions.

The new standard, called Payment Application Data Security Standard, or PA-DSS, is part of the continuing battle to stay ahead of cyber-criminals who try to steal sensitive information electronically. Based on the Payment Applications Best Practices (PABP) that was developed by Visa, PA-DSS went into effect October 15, 2008. The standard lays out in detail what should be done by developers and users of payment software to guard against data breaches.

Deke George, NetSPI CEO, said that We are proud to be among the handful of firms that have already been certified in PA-DSS. We can begin immediately to help organizations comply with and take advantage of this new standard.

NetSPI can now help clients with the following:

Initial certification of the PA-DSS application.
Recertification of applications or certifications of new releases.
Assistance in migrating applications previously validated under PABP.
Helping participants in the payment chain understand how PA-DSS integrates with PCI-DSS.

In the PCI arena, NetSPI is already a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV), certified to perform both the on-site audit and the quarterly network scans required of merchants and service providers. Previously, NetSPI had received certification as a PABP auditor.

About NetSPI (www.netspi.com)

NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies. More information is available at www.netspi.com.

Contact:

Rachel Anderson
612.455.6976
Rachel.Anderson@netspi.com

We are proud to be among the handful of firms that have already been certified in PA-DSS. We can begin immediately to help organizations comply with and take advantage of this new standard.

— Deke George
NetSPI CEO