Electronic payment transaction security is at the forefront of our development goals. If the speed, flexibility and scalability of our payment platform are relevant features, security is the fundamental principle with which we constantly relate.
KPay has completed the PA-DSS 3.2 certification process this year.
What does this mean in terms of security?
PA stands for Payment Application and DSS Data Security Standard: having this type of certification means having demonstrated that the Payment Application complies with the international standards defined as requirements by the payment security institutions, in this specific case the PCI Standard Security Council.
The PA-DSS 3.2 certification covers various aspects, from software development methodology, to management and distribution of new software versions and updates, to timely verification of the technical safety requirements of the application.
Using a PA-DSS 3.2 validated application is a major facilitator for the operator's PCI-DSS certification, who will not have to repeat the checks on the payment application.
As regards functionality, the validation activity covered the Payment Gateway and on the processors involved in the transactions.
Specifically, the verifications carried out have shown that the KPay solution:
- Has been provided with all documentation and resources necessary to reach an accurate assessment of the PA-DSS compliance status.
- Does not retain track data (magnetic-stripe or equivalent data on the chip), CID, CAV2, CVC2, CVV2 data or PIN data as result of the transaction authorization on any files or functionalities of the application.
- End-users of the Payment Application receive a validated copy of the PA-DSS Implementation Guide.
- It complies and will continue to comply with the Vulnerability Handling Procedures document set forth in the Vendor Release Agreement dated 4 October 2019.
The certification process of a company like ours, which in this case is identified as a Payment Application Vendor, is followed and validated by a third party company, a Payment Application Quality Security Assessor, which is responsible for verifying the veracity of the declarations through a detailed investigation and a series of tests.
Our Payment Application Qualified Security Assessor is Advantio, a company specialized in consulting, training and testing on cyber-security systems with offices throughout Europe.
“Advantio announces with satisfaction the successful and timely completion of the validation of the KPay payment application according to the PA-DSS 3.2 standard. In addition, Advantio completed PA-DSS and PCI DSS training for Konvergence, that has demonstrated a continuous learning culture.
Advantio is proud that Konvergence has chosen our organization as a Trusted Security Partner.”
To get a concrete idea of the solidity of the Kpay platform, in the last year more than 5 billion euros have been managed for electronic payments (credit and debit cards), more than one billion for Food Stamps (paper and electronic) and almost 7 millions Multiservice operations.
With the renewal of this certification, we formalize our commitment to the development and evolution of the KPay platform, which guarantees retailers secure transactions at all stages of the payment management, authorization and traceability.
By maintaining a solid level of security at the basis of payment management, we are more confident in implementing new ways of using digital payment services, that are becoming ubiquitous and integrated with the new contact channels.
Mobile payment, digital wallet and dematerialized services are the new development frontiers that we make available to our customers, without neglecting a solid security base.