SAN JOSE, CA, January 06, 2016 /24-7PressRelease/ -- Last month the PCI Security Standards Council (PCI SSC) released "Additional Security Requirements and Assessment Procedures for Token Service Providers (EMV Payment Tokens), Version 1.0." The document defines physical and logical security requirements and assessment procedures for Token Service Providers that generate and issue EMV Payment Tokens.
Answering the question of who is qualified to assess the PCI TSP Security Requirements, PCI SSC
states the following: "When assessing the TSP's token data environment, only QSA (P2PE)s that have undergone TSP training are qualified to assess the PCI TSP Security Requirements. PCI DSS Requirements 1 through 12 (which also apply to the token data environment) may be validated by a QSA."
As one of only 24 companies worldwide certified to undertake this, PSC's QSA (P2PE)s will begin providing assessments to the Token Service Providers in early 2016. Amongst its suite of solution offerings, PSC specializes in cryptographic key management, physical security and logical access controls - all crucial components of the more stringent controls defined in the PCI TSP Security Requirements. With a number of qualified P2PE assessors, PSC will be ready to provide assessment services to Token Service Providers in 2016. Additional announcements and communications will be provided shortly.
About PSC (Payment Software Company)
PSC provides expert business services and solutions to organizations that require specialist compliance or consulting support in the areas of payments, risk or security. The partners at PSC are veterans with combined experience of over 100 years in the electronic payment processing and information security industries. PSC clients range in size from small business to Fortune 100. Most PSC clients accept or process payments or are technology companies in the payments or security arena.
# # #