Schellman Becomes PCI Qualified PIN Assessor

July 9, 2019 Jacob Ansari

Schellman & Company, LLC has become a Qualified PIN Assessor (QPA) for the PCI PIN Security Program. PCI PIN, one of the subsidiary standards part of the PCI PIN Transaction Security (PTS) group of standards, covers the safeguards for protecting online and offline PIN transactions in attended and unattended point of sale or for automated teller machine scenarios. The new QPA program moves assessors under the PCI Security Standards Council’s remit from the payment card brands, although the standards, control objectives, and payment card brand direction remain largely the same.

The PIN Security Requirements complement Schellman’s existing PCI services, especially PCI DSS and PCI P2PE, and give clients who handle ATM processing or other PIN data flows the opportunity to consolidate their various audits under a single firm with deep expertise and rigorous quality standards.

About the Author

Jacob Ansari is the Security Advocate at Schellman, where he leads the firm's security best practices advocacy. Jacob develops and leads educational efforts on security practices, emerging and extant threats, and related industry developments for both internal and external audiences, and regularly represents the firm as an experienced security practitioner, security officer, and industry expert on technical information security matters and leadership in the space. Jacob has also acted as the CISO for the firm and has an extensive history in a client facing role as the technical lead for Schellman’s PCI services. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on security-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.
More Content by Jacob Ansari

Schellman Principal Doug Kanney Appointed to HITRUST CSF Assessor Council

We are proud to announce that the HITRUST Alliance has appointed Schellman & Co. Principal Doug ...

Cross-Border Privacy System Gains Second U.S. Compliance Agent

(Article originally published on BloombergLaw.com)

Return to Home

Stay up to date and discover new insights into compliance through our team’s thought leadership

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Schellman Becomes PCI Qualified PIN Assessor

About the Author

Previous Article

Next Article

Most Recent Articles

In February 2023, the OCR reported recent HIPAA issues & breaches to Congress—we break down the details so you can understand where other organizations fell short and avoid similar pitfalls.

For those operating in the federal space, we break down 4 commonly referenced NIST Special Publications in 800-34, 800-61, 800-63, and 800-218, including what they address and how.

Schellman welcomes Matt Goodrich as our new Head of Transformation. His expertise and vision will be instrumental in helping us drive further growth.

Becoming PCI DSS compliant is a complex process. We walk you through the first steps in determining what you need, as well as the steps for completing an assessment so that you know what to expect.

Considering a HIPAA assessment? Whether you choose to perform it internally or engage an independent third party, we share 7 steps to focus your preparation and boost your compliance.

Having already assessed organizations against the new PCI DSS v4.0, we're publishing the insight gained to help you understand more of what's coming and boost your preparation for the new standard.

With the release of the Biden Administration's new cybersecurity strategy in March 2023, cybersecurity has become an American priority. We break down the details, as well as how you can prepare.

Not sure what you're getting into with HITRUST certification? We break down the complete process into 4 steps so you can know what to expect and how to get from start to finish.

Schellman welcomes Michael Parisi as our new Head of Client Acquisition to assist as an integral part of our proactive growth initiatives.

PCI DSS v4.0 is a big shift for everyone involved in payment transactions, but we explain what and why those specifically in the banking industry should take a closer look at the updated standard.

Considering a FedRAMP Moderate Assessment? We break down what to expect from the process, the elements that will be evaluated, and specific areas to take care of so you can streamline your experience.

Defining the secure exchange of data is critical for PCI DSS compliance. To help you do that more easily, we break down all the elements, which ones are stronger than others, & how they work together.

Wondering how a web application penetration test actually works? We overview the 4 steps of our process so that you can know what to expect from your engagement.

With the debut of HITRUST CSF v11, it's important to know the dates for the phase-out of previous versions. We break down how it'll work for the i1 & r2 assessments so your transition goes smoothly.

With the debut of the Cloud Italy Strategy, cloud service providers may need to adhere to the new requirements. We break these down so that you can more easily jumpstart your compliance.

Internal audit teams can be big boons to an organization, but they're not always an option. We explain the benefits of these teams as well as an alternative to pursue for similar efficiency yields.

Now that HITRUST has released a new version of CSF, we explain what changes and updates have been made to your HITRUST assessment options in version 11. “New year, new me!”

Understand the true depth of the role management plays in a potential ISO 27001 certification, as laid out in clauses 5 & 9.3, so that you can better set expectations with leadership at your firm.

Current pace of software releases making it difficult to remain compliant with change management requirements? Learn how branch protection can help you in this & keep your software development secure.

Looking for insight on where to draw the boundaries of your ISMS? We break down the scoping clauses of the ISO 27001 standard so that you have a starting point regarding what needs to be included.