Compliance

PCI Compliance Services

At A2SECURE we have been helping our clients for more than 10 years to comply with security standards recognized worldwide (PCI-DSS, PA-DSS, GDPR).

PCI DSS is a security standard developed by the Payment Card Industry Security Standards Council (PCI SSC). Its main objective is to reduce fraud related to credit/debit cards and to increase the security of payment card data when it is stored in information systems, and also when it is processed or transmitted.

This standard is mandatory for all companies that process, transmit or store credit card data.
Complying with PCI-DSS means implementing a significant number of security controls, procedures and policies, and maintaining them over time. In many cases this is a major headache for companies.

Therefore, at A2SECURE we help you to overcome your headache! We are PCI standard experts, so we ensure our clients comply with it year after year. Thanks to our broad experience, we have designed a series of services focused on achieving compliance with the standard in an agile and effective way.

PCI-DSS Program

A2SECURE has a PCI-DSS compliance program adapted to each client’s needs. We help clients through advice and consulting, analyzing and evaluating which options best fit their needs.

PCI-DSS Audit

Service providers and businesses with a certain volume of transactions per year may be required to perform a PCI-DSS compliance audit by a QSA company. A2SECURE holds this certification, and has a team of qualified auditors, with years of experience, who help our clients in their audit process.

PCI-DSS ASV Service

PCI-DSS requirement 11 states that quarterly scans must be performed by a third party certified by the Council as an ASV (Approved Scan Vendor). A2SECURE has the ASV tools to offer value-added services that help our clients comply with this requirement and provide this information to the acquiring banks requesting it.

PCI-DSS for Travel Agencies

The tourism sector is increasingly affected by the PCI-DSS standard. Banks were the first to require it, and IATA joined them, to ensure that clients’ card data are managed in a secure manner. If you are a Travel Agency and want to know more about PCI-DSS and how this standard affects you, at A2SECURE we help you to comply with it in an easy and convenient way.

PA-DSS:

PA-DSS is a program managed by the PCI Council. It was previously under the supervision of Visa, as the program known as Payment Applications Best Practices (PABP).

The goal of the PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as the full magnetic stripe, PIN data or CVV2 (Card Verification Value), and to ensure that their payment applications allow compliance with the PCI-DSS. In other words, the applications must not detract from the PCI-DSS environment where they are installed.

Payment applications that are sold, distributed or licensed to third parties are subject to PA-DSS requirements.

In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to PA-DSS requirements, but must be verified in accordance with the PCI-DSS.

We advise companies working in software development, payment software, fraud management and similar areas on the measures to be taken to comply with PA-DSS, and therefore ensure these applications do not detract from their clients’ PCI-DSS environment.

PA-DSS Program

A2SECURE has professionals who are subject-matter experts and advise our clients, ensuring that the applications are designed and managed based on the PA-DSS standard.

GDPR General Data Protection Regulation

The General Data Protection Regulation (GDPR) has been in force throughout the EU since May 25, 2018.

GDPR aims to ensure and standardize at European level that all companies that process personal data, both public and private, use personal data in a legal and fair way. That is, it aims to avoid unauthorized uses leading to situations that may affect the individual’s privacy in their personal, family and professional environment.

This law is mandatory for any natural, legal or private person who deals with personal data in the course of their professional work, and it imposes a series of obligations on them.
At A2SECURE we have GDPR compliance programs. Furthermore, we offer an outsourced Data Protection Officer (DPO) service for companies that choose to outsource this role.

GDPR Compliance

General Data Protection Regulation (GDPR) compliance is ‘the in thing’. It affects both the public and private sectors, with the aim of ensuring and harmonizing the processing of personal data at European level.
We offer our clients advice and legal audits so that their business complies with the requirements of the laws in force.

Consult an expert

If you would like to contract any of our services or speak with an expert who can advise you on our solutions, here you will find our contact details.