YESpay International, a global EMV Payment Service provider, has received validation from the Payment Card Industry Security Standards Council for compliance of its payment client EasyV-Terminal with the Payment Application Data Security Standard (PA-DSS).
PA-DSS is a PCI Council-managed program aiming at helping payment software vendors develop secure payment applications that do not store prohibited data (full magnetic stripe, CVV2 or PIN data) and ensure their POS (point-of-sale) applications support compliance with PA-DSS. This certification is required for POS application vendors that handle payments that are sold, distributed or licensed to third parties.
YESpay did not need to undergo PA-DSS certification as YESpay does not sell the software but provides it as part of its payment service. However YESpay undertook certification of its client payment applications to PA-DSS in order to bring even more confidence to merchants and POS software vendors. YESpay is now on the PA-DSS list of validated Payment Applications.
"This is an important achievement that will help our partners fast track their own PA-DSS compliance as well as providing additional assurances to the end merchants that YESpay is delivering a high quality, secure product as certified by the PCI Council", highlights Nigel Exton, SVP Operations and Client Services at YESpay.
Together, YESpay's PCI-DSS (level 1) and PA-DSS certifications ensure that in all cases, the point-of-sale software is freed from PA-DSS certification. This achievement therefore allows YESpay's partners, POS application vendors, to save on time and costs as a PA-DSS certification is an expensive and long process. "It controls the overall secure development life cycle and the QA process for the application. These processes take time to implement if they are not already followed" explains Dhiraj Dutta, VP Operations and Support at YESpay. He also highlights the fact that "PA-DSS is an endorsement of our development, QA and Key Management processes and will help fast track PCI-DSS for YESpay customers. It is an important achievement for YESpay, its partners and merchants."
Since YESpay is responsible for storing the cardholder data on behalf of its clients, the uniqueness of its managed architecture ensures high levels of security. Along with these PA-DSS and PCI-DSS (level 1) certifications, YESpay is ahead in security features as its payment solutions support tokenization, Point-to-Point Encryption and are based on Cloud computing Architecture. In fact, YESpay recently announced that EMBOSS TM, its payment gateway, has once again reached a new operational record of 2 YEARS of uninterrupted Service providing 100% availability of credit and debit card authorisation processing through its dual data Centers. Indeed, offered as a SaaS (Software as a Service) model, the key to the success of YESpay's fully EMV Chip & PIN, PCI- DSS (Level 1) and PA-DSS certified EMBOSS payment service is its unique 'Cloud A2 computing architecture', which delivers its reliability, security and service quality. YESpay's commitment to card security does not stop here, as it supports as a free feature Tokenisation wherein "tokens" are linked to credit/debit card details within EMBOSS compliant environment and then provided to merchants. YESpay also supports Point-to-Point Encryption from the card acceptance PIN pad devices all the way to its EMBOSS data centers.