Capita Software Services has become one of the first UK-based vendors of payment applications to achieve the Payment Application Data Security Standard (PA-DSS) and the first deployment of the validated software. The new PA-DSS validation will give customers using Capita Software Services’ site-based solutions the same high level of assurance that is already in place for users of its PCI DSS certified managed service. The standard will apply to those of its Payment Management applications that are customer-hosted and used to take payments by credit or debit card.
Managed by the Payment Card Industry Security Standards Council (PCI SSC), PA-DSS is designed to provide the definitive data security standard for software vendors developing payment applications and includes measures such as ensuring that secure data such as PIN, Card Security Code or magnetic stripe data is not stored.
Chris Cooper, Operations Director at Capita Software Services, commented: “We are delighted to have attained official PA-DSS validation. Capita remains committed to ensuring that its products and services continue to incorporate the most rigorous data security controls. With the continued focus on card fraud and citizen data in general we are constantly looking at ways to improve on existing security measures.”
Capita’s managed service products were certified to Payment Card Industry Data Security Standard (PCI DSS) Level 1 in late 2007 meaning that the 170 plus organisations that use this service to accept payments via channels such as internet or automated telephone were already benefitting from the highest levels of security. This same level of security can now be seen to be in place for payments taken face-to-face or in a call centre type environment, in both instances the application is site-based but calls upon Capita’s managed Secure Bureau Service for card authorisation.