Security Assessment Services: VISA Payment Application Best Practices (PABP) Certification
DRG offers payment application software providers independent assurance services to support the assessment, remediation, certification and accreditation of Visa Payment Application Best Practices (PABP).
Overview
Visa Payment Application Best Practices assist software vendors in creating secure payment applications that help ensure merchant PCI compliance.
To be considered secure, these applications must:
- Not retain full magnetic stripe data or CVV2 data
- Protect stored data
- Provide secure password features
- Log application activity
- Support secure application development best practices
- Protect wireless transmissions
- Address vulnerabilities identified through testing
- Facilitate secure network implementations
- Never store cardholder data on a server connected to the Internet
- Facilitate secure remote access to application
- Encrypt sensitive data over public networks
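The first two requirements are the ones most often failed in practice: an application keeps the full track or CVV2 after authorization, or writes the full PAN into a settlement table or log. The following is an added example (not DRG's code or part of a PABP assessment tool) showing how a payment application can build the record it is allowed to persist, with sensitive authentication data dropped and the PAN truncated and keyed-hashed, plus an assessor-style check for leftover track data; the field names, the sample authorization and the key are constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Any

# Constructed sample authorization request as a card reader might supply it.
# Track 2 and CVV2 are sensitive authentication data that must not be retained.
SAMPLE_AUTH = {
    "txn_id": "TXN-0001",
    "pan": "4111111111111111",
    "track2": ";4111111111111111=25121011000012345678?",
    "cvv2": "123",
    "amount": "19.99",
    "result": "APPROVED",
}

# Fields that may exist in memory during authorization but never on disk or in logs.
SENSITIVE_AUTH_FIELDS = ("track1", "track2", "cvv2", "pin_block")

def mask_pan(pan: str) -> str:
    """Truncate to first six and last four digits; the rest is masked."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("PAN too short")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def to_storable_record(auth: dict[str, Any], pan_secret: bytes) -> dict[str, Any]:
    """Return the only form of the transaction the application may persist.

    Sensitive authentication data is removed outright. The full PAN is replaced by
    a truncated form for display and an HMAC (keyed with a secret kept outside the
    database) for lookups, so the stored record cannot reproduce a card number.
    """
    record = {k: v for k, v in auth.items() if k not in SENSITIVE_AUTH_FIELDS}
    pan = record.pop("pan")
    record["pan_masked"] = mask_pan(pan)
    record["pan_hmac"] = hmac.new(pan_secret, pan.encode(), hashlib.sha256).hexdigest()
    return record

def contains_sensitive_auth_data(record: dict[str, Any]) -> bool:
    """Assessor-style check on a stored row or log entry: any SAD field, a full
    PAN field, or a track-2-shaped value (PAN=expiry...) means the record fails."""
    track2_like = re.compile(r"\d{13,19}=\d{4}")
    for key, value in record.items():
        if key in SENSITIVE_AUTH_FIELDS or key == "pan":
            return True
        if isinstance(value, str) and track2_like.search(value):
            return True
    return False
```

The same check can be run over exported database rows and application log lines during a pre-audit review to find retention that the code path did not intend.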
We help software providers like shopping cart vendors, payment service providers, and payment software companies to achieve compliance, by offering PABP pre-audit application development and post-audit remediation services in addition to flexible certification programs and payment terms. Utilizing our extensive range of PABP services, DRG clients are able to more efficiently utilize their development resources and protect credit card data during the transaction process.
Scope of PABP Services
DRG custom tailors its PABP certification programs to meet the desired scope and requirements of each company. PABP assessments address systems and applications where cardholder data is retained, stored, or transmitted during the transaction authorization and settlement lifecycle. Other areas of your network that store, transmit or permit access to cardholder data may also be included. Validated payment applications are eligible for inclusion in the prestigious "List of CISP-Validated Payment Applications" located on Visa's web site.
The DRG Advantage
DRG differentiates its service from competitors by providing our customers upfront planning, ongoing guidance and direction based upon years of experience and customized service. We keep you informed throughout the engagement. In addition, we offer multi-year customer programs with long-term discounts and manageable low cost monthly payment plans.
Here is a brief example of how we conduct our PABP security assessment:
- Work with you to define the most appropriate scope for your review
- Provide pre-audit preparation, guidance and documentation
- Plan and review the work and test program prior to onsite visits to most effectively utilize your time and critical resources
- Collect key documents, such as security policies and procedures, in advance to be prepared for our onsite work
- Conduct onsite interviews and testing work in a professional manner
- Provide early notification when we identify deficiencies or security vulnerabilities that require remediation
- Provide a preliminary report on compliance so you may review and comment on our findings before we finalize your report
- Provide recommendations or remediation services and assistance as required to ensure your compliance as quickly and cost-effectively as possible
DRG understands and supports the payment card industry's goal to protect cardholder data and to ensure that members, merchants, and service providers maintain the highest information security standards. DRG is committed to providing the highest standard of quality work in order to support payment application providers who wish to consistently implement the proper application of PCI measures and controls, and ultimately ensure the protection of valuable consumer data.
Please contact DRG with questions or to begin the VISA PABP certification process: pabp@drgsf.com or call (650) 638-3350