PCI Card Production
Oragnziations which are involved in the production of physical cards abide by the requirements in the PCI-CP Standard. There are both physical and logical security requirements in this standard.
- Assessor Type
- GOVERNING BODY
- Data Type
- CP QSA
- CARD PRODUCTION VENDOR
- 3 Years
- PCI SSC
- ACCOUNT DATA
If you are producing payments cards or cloud-based or secure element provisioning services then you must have heard about PCI CP Standard.
PCI CP is Payment Card Industry Card Production standard which has unified the need of maintaining security standards for card production companies and Payment brands are no longer maintaining their own security standards.
PCI Council is now maintaining the list of approved the PCI CP auditors, called as Card Production Security Assessors ( PCI CPSA )
If you are producing VISA or MasterCard Cards, then these payment brands have mandated to the PCI CP assessment done every year by PCI CPSA.
The standard has 2 parts, PCI CP Logical security and PCI CP Physical security.
PCI CP Parts
How can CBL Help?
We perform the gap assessment as per PCI CP Standard and provide gaps and solutions on how to mitigate those gaps. We also provide support services such as Security tests, Quarterly internal audit/review required to meet with PCI CP security requirements.
Entities involved in physical and logical security activities associated with card production and provisioning are required to comply with Payment Card Industry (PCI) Card Production and Provisioning requirements. We are PCI CPSA accredited by PCI SSC to conduct security audits to meet the payment industry compliance standards. We submit the reports to payment brands after doing the assessment.
Bespoke advisory Solutions
We understand silver bullet approach wont help at all, we provide customized solutions to make sure that you implement PCI CP Controls effectively in your environment.
We have advised major card production vendors for a very long time even before the publishing of a specific standard for compliance of card production vendors.
The activity is combination of both physical and logical security controls which are required to be implemented in the organization.
Our Automated approach in providing report, exchanging documents and workflow management saves lot efforts and keeps us away from audit fatigue
Being a full service vendor of PCI , we provide all the auxiliary services needed to be PCI standards Compliant, Our consulting support will be there even after PCI CP Compliance.
PCI CPSA Assessment
Involves comparing the status of information security controls present in the organisation against the requirements outlined in the PCI CP standards.
The identified gaps are reported to payment brands. In most cases, these gaps are to be closed in 1 month and report the status back to the payment brands.
PCI CARD PRODUCTION FAQs
Only the Approved from PCI Council, I.e. Card Production Security Assessor can perform the PCI Card Assessment and submit the final Report on Compliance to the Payment Brand.
The two standards are different so one can go for separate assessments. However, PCI CP Compliance programs are driven by payment brands, hence please contact the payment brands for the exact requirement by them.
PCI SSC has recently released remote assessment guidelines as it was much needed in the pandemic situation. However the PCI CP Compliance program is driven and managed by Payment brands, hence it is advised to contact Payment brands for all such requests.