Compliance

PCI P2PE Certification Services

Foregenix was the first assessor in the world to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) to guide and assess payment applications against its Point-to-Point-Encryption (P2PE) standards.

The Foregenix P2PE Certification services are delivered by one of the industry's leading QSA teams with substantial experience and skills in assisting P2PE Solution Providers in securing their solutions.

Our approach is consultative-led and we maintain a flexible approach in supporting our clients through the compliance process.

Our P2PE Certification Services include:

Pre-Compliance/Gap Analysis - an onsite review and gap-analysis providing a structured framework and guidance to establish a baseline level of compliance and to address areas of non-compliance. This essential service forms the basis of a successful compliance program.

Application Testing - a thorough review of the application logic to identify any security weaknesses or flaws in the application logic. Any issues identified are always explained thoroughly in easy to absorb language and remediation advice is provided.

Penetration Testing - penetration test services (both internal and external) provide a comprehensive and thorough analysis of a network and application's security and thus offer protection against potential compromise. Any issues identified are always explained thoroughly in easy to absorb language and remediation advice is provided.

Final Compliance Audit - an on-site evidence gathering session with a P2PE Qualified Security Consultant (P2PE-QSA) that leads to the completion of the final Report of Validation. Upon satisfactory completion, the Report is submitted for final approval to the appropriate card schemes and PCI Security Standards Council.