Schellman Becomes PCI Qualified PIN Assessor

July 9, 2019 Jacob Ansari

Schellman & Company, LLC has become a Qualified PIN Assessor (QPA) for the PCI PIN Security Program. PCI PIN, one of the subsidiary standards part of the PCI PIN Transaction Security (PTS) group of standards, covers the safeguards for protecting online and offline PIN transactions in attended and unattended point of sale or for automated teller machine scenarios. The new QPA program moves assessors under the PCI Security Standards Council’s remit from the payment card brands, although the standards, control objectives, and payment card brand direction remain largely the same.

The PIN Security Requirements complement Schellman’s existing PCI services, especially PCI DSS and PCI P2PE, and give clients who handle ATM processing or other PIN data flows the opportunity to consolidate their various audits under a single firm with deep expertise and rigorous quality standards.

About the Author

Jacob Ansari is a Senior Manager at Schellman & Company. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS, P2PE, and 3DS. Jacob's career spans nearly 20 years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and assessment of cryptographic systems. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS.
More Content by Jacob Ansari

Return to Home

Welcome to our Hub

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Most Recent Articles

Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor.

The CCPA went live on January 1, 2020. The California Attorney General (AG) has issued the second and third versions of draft CCPA regulations, following two periods of public comment.

Oftentimes, organizations that are just starting their HITRUST journey will ask what they need to score in order to be HITRUST certified and just how that scoring process works.

Hopefully this writing finds you well and adjusting to perhaps the most serious health-related situation in many a lifetime. Perhaps it may find you contemplating preparedness in specific ways.

As a child, I never could have pinpointed that I would end up as President of Schellman & Company. Professionally, I have achieved a lot, but I also hold another very important role as a mother.

As we face this rapidly evolving and fluid health emergency related to coronavirus disease COVID-19 we want to acknowledge the many concerns across the business and technology community.

Companies that collect or process personal information about New York residents have likely heard of New York’s Stop Hacks and Improve Electronic Data Security Act - the SHIELD Act.

It's up to enterprises to quickly deploy patches to secure software before hackers get in.

The coronavirus is posing global threats that are challenging businesses worldwide forcing them to put new policies and practices into place to prepare for and communicate with their workforces.

You’re probably aware of a new strain of virus that is manifesting all around the globe, one that has you contemplating hiding under that aforementioned rock for your own health.

A sweeping consumer privacy law went into effect in 2020 in the state of California but it seems many businesses are still not yet ready to comply.

What are the common reasons CSPs fail to achieve a FedRAMP Authority to Operate ATO in a timely manner?

Talking with 4th graders on security testing, online safety, and job skills for infosec.

While it’s true that life and the American experience has tremendously improved for most black Americans since the Civil Rights Movement, there remains much opportunity for continued progress.

When wrestling with compliance requirements CISOs often feel like they are a performer in the middle of a three-ring circus trying to juggle spheres of compliance.

A wide range of internet of things connected devices are now required to include reasonable and appropriate cybersecurity measures under a California law that went into effect Jan 1.

Dark Reading recently asked a number of security experts for the most important advice they'd tell IT departments to impart to their remote workers.

Though machines have been communicating with other machines for decades the term of IoT wasn’t coined until 1999. IoT consists of any device that is connected through the Internet to other devices.

After 10 years of fully supporting Windows 7 Microsoft ended its official support for the out-of-date operating system. Consumers who have not upgraded to Windows 10 become part of attack vector.

It has never been easier to establish an online presence and having your domain is key. When managing DNS records users should stay up to date with regards to safeguarding their domain's reputation.