Similar to P2PE, PIN data is designed to be unreadable until it reaches a secure decryption environment. Banks, acquiring financial institutions, and the component providers that make up the solutions can undergo these assessments to protect their company's data with a Qualified PIN Assessor (QPA) like Schellman.
We begin each project with your end goals in mind and to provide preparation for future key project activities. Effective communication and timely coordination of project planning activities are central to our methodology with our clients.
After the agreement is executed, the first phase of the engagement is planning. This is to ensure that Schellman and the Client are fully aware of the what, who, when, why, and how prior to the beginning of testing.
Proper planning is imperative to the success of a project. Schellman has standard processes to cover the important pieces of the engagement.
The kickoff is considered the start of the engagement. If needed, Schellman will schedule a call at the beginning of, or just prior to, the kickoff to finalize any outstanding items. Schellman will be available to the client with any questions.
By including communication prior to starting, Schellman ensures that no last -minute changes to the project or team have occurred and the Client has the plan prior to the testing and on-site visit.
Testing and gathering is the core of the compliance engagement. Due to the planning and understanding processes, this phase will be an accumulation of gathering the evidence needed for the objectives discussed.
The PCI PIN Program outlines a set of procedural and security standards for financial institutions and all organizations that manage or deploy PIN acceptable devices that process and accept PINs at POS/POIs, kiosks, or ATMs. The program also supports entities that provide operations for these solutions such as key management and encryption supporting activities. Since PIN numbers are considered especially sensitive information, banks and acquiring financial institutions rely on the standard for a minimum level of assurance for the proper security around PIN protection.
Schellman’s testing methodology ends with reporting, but the entire assessment is focused on creating a deliverable that is clear, concise, and accurate.
Schellman’s report takes into account the entire process and customizes a report for each Client. The draft report will be provided within 2 weeks of the last day of testing and gathering phase, and a final report will be provided within 30 days. This timing is unsurpassed by the industry.
Sully Perella is a Senior Manager at Schellman who leads the PIN and P2PE service lines. His focus also includes the Software Security Framework and 3-Domain Secure services.
Whether it is an ISO 27001 certification, SOC 2 examination or a FedRAMP assessment, companies are often challenged by the need to address customer requirements while ensuring a return on compliance investment.
The most important factor in scoping a potential assessment is understanding what deliverable the recipient (i.e. your customer or partner) is expecting.
Once we have scoped your environment and needs, there are several factors that contribute to Schellman’s pricing: