Schellman Becomes PCI Qualified PIN Assessor

July 9, 2019 Jacob Ansari

Schellman & Company, LLC has become a Qualified PIN Assessor (QPA) for the PCI PIN Security Program. PCI PIN, one of the subsidiary standards part of the PCI PIN Transaction Security (PTS) group of standards, covers the safeguards for protecting online and offline PIN transactions in attended and unattended point of sale or for automated teller machine scenarios. The new QPA program moves assessors under the PCI Security Standards Council’s remit from the payment card brands, although the standards, control objectives, and payment card brand direction remain largely the same.

The PIN Security Requirements complement Schellman’s existing PCI services, especially PCI DSS and PCI P2PE, and give clients who handle ATM processing or other PIN data flows the opportunity to consolidate their various audits under a single firm with deep expertise and rigorous quality standards.

About the Author

Jacob Ansari is the Security Advocate at Schellman, where he leads the firm's security best practices advocacy. Jacob develops and leads educational efforts on security practices, emerging and extant threats, and related industry developments for both internal and external audiences, and regularly represents the firm as an experienced security practitioner, security officer, and industry expert on technical information security matters and leadership in the space. Jacob has also acted as the CISO for the firm and has an extensive history in a client facing role as the technical lead for Schellman’s PCI services. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on security-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.
More Content by Jacob Ansari

Schellman Principal Doug Kanney Appointed to HITRUST CSF Assessor Council

We are proud to announce that the HITRUST Alliance has appointed Schellman & Co. Principal Doug ...

Cross-Border Privacy System Gains Second U.S. Compliance Agent

(Article originally published on BloombergLaw.com)

Return to Home

Stay up to date and discover new insights into compliance through our team’s thought leadership

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Most Recent Articles

A majority of the OCR's HIPAA actions involve an insufficient risk analysis or risk management program. To avoid that fate, here are 3 common pitfalls to avoid, along with a new service that can help.

Want to stay competitive with FedRAMP or ISO 27001 certification? Take a look at the similarities and differences between these two options and decide which is better for your organization.

Introducing Andy Goldstein, our new CFO who will help the firm drive further value creation. Welcome, Andy!

Getting ready for a PCI DSS assessment? We provide 5 steps to take so that your experience complying with this complex standard is as streamlined as possible.

If you have privacy obligations, a certification in ISO 27018 or ISO 27701 may suit your organization--we provide an overview of both, along with their strengths and differences to help you choose.

To help make scoping your HITRUST Assessment easier, we lay out 5 elements that will affect your final HITRUST scope and how you should factor them in.

Introducing HIPAA Express, a one-of-a-kind, risk-based assessment that can help healthcare providers and systems protect themselves from ransomware, breaches, and perhaps even OCR fines.

As the world moves towards the next iteration of the Internet Age, understand this shift to digital identity, how important it will become, & how some countries are already taking steps to protect it.

Schellman has now dedicated office space in Ohio to support our one-of-a-kind initiative for recent college graduates. Learn about the Emerging Talent Program and how it can jumpstart your career.

NIST SP 800-171 has recently been gaining traction given its relevance to the upcoming launch of CMMC. Learn how this publication fits in with federal frameworks and the requirements it lays out.

Invested in a web application penetration test? We detail what this specific test is, as well as 5 things you need to prepare so that you can streamline your experience as much as possible.

Low-cost audit firms appeal to budgets everywhere, but before you make your decision, we offer 5 things to consider because what you purchase at a low price might not necessarily mean low total cost.

Not sure if you're liable under HIPAA? Learn how a business associate is defined, as well as their roles and responsibilities in HIPAA compliance and how to avoid liability.

The APEC CBPR/PRP privacy framework is going global, and it could benefit your organization. We detail what these new certifications are, who's involved, and 5 ways they can advantage you.

ISO 9001 & 27001 address different aspects of business, but the way the standards align could provide a double advantage. Learn more about their commonalities & whether integration could benefit you.

Introducing Bhavna Dave, our new Chief People & Culture Officer, who will take charge of furthering Schellman's inclusive environment and ensure that we continue to prioritize our people.

Not sure where to begin with CMMC? It all starts with CUI—we explain how this type of data plays into your necessary level of CMMC compliance, including the type of assessment and what's in-scope.

Interested in HITRUST certification? Learn the details of the two different kinds of assessment and how each works so that you choose the right compliance route for you.

"SOC reports" are a staple in compliance, but there are so many different kinds. Learn about each of these specialized standards and their related reports to understand which may serve you best.

Schellman is one of many 3PAOs capable of helping organizations achieve FedRAMP ATO. As you search for the right firm for you, here are 3 things you need to know about us & our FedRAMP capabilities.