PSC to Assess the PCI Token Service Providers (TSP) Security Requirements in early 2016

Top Quote PSC's QSA (P2PE)s to assess the TSP's token data environment as per PCI TSP Security Requirements. End Quote
  • (1888PressRelease) January 05, 2016 - Last month the PCI Security Standards Council (PCI SSC) released "Additional Security Requirements and Assessment Procedures for Token Service Providers (EMV Payment Tokens), Version 1.0." The document defines physical and logical security requirements and assessment procedures for Token Service Providers that generate and issue EMV Payment Tokens.

    Answering the question of who is qualified to assess the PCI TSP Security Requirements, PCI SSC states the following:
    "When assessing the TSP's token data environment, only QSA (P2PE)s that have undergone TSP training are qualified to assess the PCI TSP Security Requirements. PCI DSS Requirements 1 through 12 (which also apply to the token data environment) may be validated by a QSA."

    As one of only 24 companies worldwide certified to undertake this, PSC's QSA (P2PE)s will begin providing assessments to the Token Service Providers in early 2016. Amongst its suite of solution offerings, PSC specializes in cryptographic key management, physical security and logical access controls - all crucial components of the more stringent controls defined in the PCI TSP Security Requirements. With a number of qualified P2PE assessors, PSC will be ready to provide assessment services to Token Service Providers in 2016. Additional announcements and communications will be provided shortly.

    ###
space
space
  • FB Icon Twitter Icon In-Icon
Contact Information