Semnox’s renewed PA-DSS Certification reiterates commitment to application security
The Payment Card Industry Security Standards Council (PCI SSC), the global body that aims to provide a definitive data security standard for software vendors who develop payment applications, has recently recertified Semnox Solutions under the Payment Application Data Security Standard (PA-DSS).
The pioneering move is in keeping with Semnox’s efforts to safeguard sensitive information pertaining to clients at all phases of product development and support. PA-DSS aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2, and PIN. This standard also mandates that software vendors come up with payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI-DSS).
“As we continue to innovate our products, we consider security control to be a key catalyst in ensuring a compliant and safe environment. PA-DSS v3.2 certification further validates our commitment to provide innovative functionalities in a compliant environment,” says Mathew Ninan, vice-president (development), Semnox.
With this recertification, Semnox has taken an important step towards further boosting customer trust. By ensuring dedicated renewal of such valuable certifications, the company seeks to assure clients of the importance given to security and confidentiality in all processes.
Semnox, meanwhile, was PCI-DSS certified some time ago in recognition of its commitment to updating and maintaining security standards. This is ensured by restricting and limiting the number of personnel with access to sensitive data, providing multiple layers of defence and a secure data protection model, and implementing strong access control measures by regularly testing security systems and processes.
Semnox also holds the Statement on Standards for Attestation Engagements (SSAE) 18 certification, also known as SOC 1 Type 2 compliance. The certification is targeted at service organizations with the aim of strengthening their internal controls; such standards assure clients of due diligence in financial reporting, IT, development, hiring, support, disaster recovery, backup processes, and the like.