PCI SSF is a Payment Card Industry  Software Security Framework

It is intended to test payment apps, intended to store, process and/or transfer cardholder data for payments and settlements authorization.

It is required to comply with PCI SSF requirements when selling, distributing and/or licensing the current apps to third parties and when participating in payment authorization and settlements. Exception: self-developed and custom-made applications for a single customer.

PCI DSS requirements will be applied to the payment app, if it will be used within your organization. However, The app must comply with PCI SSF, if you sell, distribute, and/or license payment apps (turnkey solutions = out-of-the-box solutions) for different customers.

The supplier must have payment application, assessed and validated by approved PCI SSF auditor (Secure Software Assessor) in order to achieve compliance with PCI SSF requirements.

  • Compliance Control will help you to implement best practices and processes, show you the way to ensure your app is developed in accordance with PCI SSF requirements, give advises on the way to prepare the Implementation Guide and support you in the full compliance process.

Contact us to get consulted on PCI SSF audit and we will contact you within 30 minutes.

Fill the form

Project stages

Stage 1

The current state assessment and revealing the shortcomings, according to PCI SSF requirements.

We will start the payment app validation process with consulting on PCI SSF requirements and looking through the app. Then we’ll review the app code and view the log file and database records. Finally, we’ll provide several recommendations for eliminating the shortcomings on the first stage result basis.

Stage 2

Certification audit and PCI SSF compliance report (validation report, ROV)

The current report will be submitted to PCI SSC for app inclusion to the certified apps list after successful review and validation.

Project results

Our auditors will provide an Attestation of Validation and prepare reporting documentation for the payment app inclusion to the certified payment apps list on the certification audit results basis.

Interested in a service? Contact us right now!