PCI SSS

PCI certifications

The PCI Secure Software Standard (PCI SSS), part of the PCI Secure Software Framework (PCI SSF), establishes security requirements for software that processes, stores, or transmits payment card data.

This standard is particularly relevant for software vendors who aim to deliver secure payment solutions, comply with stringent card network requirements (such as Visa or Mastercard), and enhance their competitive edge.

Certification under PCI SSS ensures that software is built with the highest level of payment data protection, fostering trust among clients and simplifying compliance processes for users like merchants or integrators.

How can we help you?

At Patronusec, inspired by the protective spell "Patronus" from Harry Potter, we act as a safeguard for your payment software. Our expertise and Secure Software Assessor (SSA) accreditation enable us to guide you through every step of achieving PCI SSF compliance.

If you are developing, certifying, or maintaining payment software—whether it's deployed on payment terminals or offered as a product for end clients—we’re here to help. We offer comprehensive gap analysis to identify areas for improvement, expert consultation to clarify PCI Secure Software Standard requirements, guidance in designing secure applications that meet industry benchmarks, and execution of a thorough PCI SSF audit to confirm compliance.

With our support, you can enhance customer trust, meet security requirements, and pave the way for seamless compliance with standards like PCI DSS.

How will we work with you?

Stage 1

Gap Analysis (Optional)

For new clients or those unsure of their readiness for a certification audit, we offer a gap analysis. This process simulates a certification audit, identifies non-conformities, and suggests actionable solutions tailored to your needs.

Stage 2

Consultation

Navigating the PCI Software Security certification process can be complex. We’ll provide step-by-step guidance, answer your questions, and offer practical solutions to challenges, ensuring you’re fully prepared.

Stage 3

Certification Audit

Our PCI SSF audit can be conducted remotely, on-site, or in a hybrid format. Within two weeks of the audit, you’ll receive a tracker document listing required evidence and documentation needed to complete the certification process.

Stage 4

Corrections and Evidence Collection

You’ll have up to 90 days to submit evidence or implement corrections. Faster submission means quicker delivery of your audit documents.

Stage 5

Reporting

We compile detailed compliance reports, often exceeding 200 pages, covering all relevant domains. Each report undergoes a rigorous QA process before submission. At the end of this stage, you’ll receive the Attestation of Validation (AOV) document for signature.

Stage 6

Submission to PCI SSC

After you sign the AOV, we submit the report to the PCI SSC for review by the Assessor Quality Management (AQM) team. This step may take up to three months and requires prompt payment of the PCI SSC invoice to initiate the process.

Stage 7

Completion

Once approved by PCI SSC, your solution will be listed on their official website. A marketing certificate will be issued shortly after, marking the successful completion of your PCI SSF certification journey.

Certification audit

Our certification audit involves six critical steps to ensure your software meets the requirements of the PCI Secure Software Standard:

1. Staff Interviews: Before the audit, we’ll share an agenda detailing topics to discuss with your team. These interviews help us understand your organisation, responsibilities, and approach to software security.

2. Configuration Review: We’ll review and verify the configuration of your systems, devices, and tools. This includes checking access control systems, alarms, and other infrastructure elements while collecting evidence for the audit.

3. Process Review: We’ll evaluate your management processes, such as change reporting, log review evidence, and patching records, to ensure they align with PCI SSF standards.

4. Documentation Review: This step, often conducted remotely, involves analysing your policies, procedures, network diagrams, and other documentation. All documents must be current (reviewed within the last 12 months).

5. Process Observations: We’ll observe critical processes, such as key generation, key distribution, secure room access, and the software installation process, to verify compliance.

6. Software Testing: We’ll test your software’s security in a manner similar to penetration testing, ensuring it doesn’t retain sensitive data (e.g., cardholder information in temporary files) and functions as intended.

At the conclusion of the audit, we’ll deliver a tracker document summarising observations and listing required evidence. Addressing these items promptly enables us to finalise your compliance report efficiently.

Don't buy a pig in a poke: request a free consultation and check how we can assist you.


Use the contact form or contact us directly.

Patronusec Sp z o. o.

Head Office:
ul. Święty Marcin 29/8
61-806 Poznań, Polska

KRS: 0001039087
REGON: 525433988
NIP: 7831881739
D-U-N-S: 989454390
LEI: 259400NAR8ZOX1O66C64