PCI Card Production
About PCI Card Production
- Our specialists have got CPSA status and have been certified to perform work in accordance with the international payment systems requirements in the card production and personalization field since 2012.
- Compliance audit Payment Card Industry (PCI) Card Production and Provisioning Logical and Physical Security Standard are actual for companies with Card Production Security Assessor (CPSA) status – organizations, which have got a confirmed qualification from PCI SSC regulator to perform an assessment on the PCI Card Production Logical Security Standard and/or PCI Card Production Physical Security Standard requirements. Those professionals, who have got CPSA certificate, must be Card Production Security Assessor (CPSA) employees and fully comply with all qualification requirements (work experience, knowledge in particular area, annual exam passing, etc.)
Payment Card Industry (PCI) Card Production and Provisioning Logical and Physical Security Requirements standard applies to payment card manufacturers and companies, engaged in personalization, data preparation for personalization, chip implementation, packaging and other activities as well, related to the cards production and personalization.
PCI Card Production standard is the result of Visa and MasterCard international payment systems combination. In fact, the current standard is divided into two large parts, regulating both physical and logical security requirements.
Staff management requirements, ensuring the physical security of the external and internal building part, requirements for individual rooms, requirements for the physical security systems used are considered in the physical aspect.
The logical part is applicable to those systems, involved in personalization, pre-personalization, data preparation, PIN envelopes printing, etc. Usually the logical aspect requirements are not applied to the cards production.
The logical standard part provides the staff roles and responsibilities requirements, security policies and procedures, data security at all operation stages, network security, system security, access control and key management requirements as well.
Assessment plan coordination with the auditor and the MPS, onsite audit.
Reporting documentation (ROCs) preparation and sending it to the Ministry of Railways.
Inconsistencies elimination by the customer and final opinion provision (VAOC and/or AOC).
Report on Compliance of the logical and physical standard part will be prepared on the audit results basis:
- Report on Compliance for PCI Card Production Logical Security Standard.
- Report on Compliance for PCI Card Production Physical Security Standard.
We are engaged in the documents development on the approved template basis within the existing method. We send reports to international payment systems’ representative offices. Then we sign the final conclusion once confirmed the discrepancies elimination by the auditor.