Semafone has gone above and beyond the PCI DSS sampling approach, and has built Cardprotect under the additional, rigorous standards of the PA-DSS, which focus on the payment application itself. With PA-DSS certification, Cardprotect is subject to extensive source code review, testing of the installation and deployment of the payment application and comprehensive penetration testing. This stringent assessment process includes secure development requirements, secure authentication, secure remote access and encrypting sensitive internet traffic, a formal assessment by a Qualified Security Assessor (PA-QSA) and their penetration testing team, and validation by the PCI SSC assessor quality management (AQM) team.
“We are pleased to be able to provide our expert guidance to support Semafone in their bid to help protect customers when making payments,” says Bryan Scaife, Managing Consultant, NCC Group. “Semafone’s PA-DSS certification provides assurance of investment in the continuous maintenance against cyber threats, which helps to reduce the risk for end users.”
In addition to PA-DSS certification and being a Level 1 PCI DSS Service Provider, Semafone is also certified for ISO27001 and is a Level 1 Visa Listed Merchant Agent, making the company the only software vendor to hold all four certifications, offering both on-premise and cloud solutions for securing telephone payments.
Key benefits of these critical certifications include:
- Level 1 PCI DSS Service Provider: Semafone is a PCI DSS Level 1 service provider, which is achieved following a successful audit with a QSA, and can be used by all merchants processing credit card transactions, including those handling over 6 million transactions per year.
- PA-DSS: PA-DSS is a rigorous framework and assessment of Semafone’s payment application software. The certification process includes stringent penetration testing and procedures, controls, and more – ensuring Semafone provides the highest level of customer data protection.
- Level 1 Visa Merchant Agent: Semafone has been a Level 1 Visa Merchant Agent in Europe for many years, which requires submitting a report on compliance (RoC) to Visa, which then conducts a vigilant audit to ensure continuous service provider compliance.
- ISO27001: The international standard for information security certification that customers look to for assurance that a vendor can be trusted with customer data. Having held ISO27001 certification for almost five years, Semafone has consistently maintained the industry’s seal of approval.
“Semafone has been PA-DSS certified since 2012, which demonstrates our consistent commitment to achieving the highest possible standards in payment data security. By consistently obtaining a PA-DSS certification, we’re providing an unmatched level of security and peace of mind, not only for our direct customers but also for our partners,” said Gary E. Barnett, CEO, Semafone. “PA-DSS certification is a requirement for any maker, developer and integrator of payment applications that use credit card information for payment authorization and settlement, and that are sold, distributed or licensed to third parties. We are literally saving our payment application partners valuable time and costs that would otherwise have gone towards achieving the certification themselves. For our customers, they can rest assured that by selecting Semafone they will be taking every measure possible to protect their consumers’ sensitive information and reduce the risk of a data breach.”
Learn more about Semafone’s Cardprotect PA-DSS certification.