S1 Corporation (Nasdaq: SONE), the leading provider of customer interaction software solutions for financial and payment services, today announced that the applications making up the Postilion for Retail solution have been validated as complying with Visa USA and Visa Europe's payment application security best practices, known as Visa Cardholder Information Security Payment Application Best Practices (CISP PABP).
This validation indicates that these Postilion applications handle cardholder data in a secure manner, which helps Postilion customers comply with payment industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
CISP PABP validation is considered to be the industry standard for the data security validation of payment applications. It is designed to assist software vendors in developing secure payment applications in an effort to minimize the potential for security breaches and compromised card details. The Visa standards establish a set of best practices, which include the protection of stored data, providing secure password features, and not retaining full magnetic stripe or CVV2 data.
"Participation in the Visa CISP PABP program is critical to helping secure the payment industry. The participation of S1 indicates the company's long-standing and ongoing commitment to consumer security. This validation recognizes Postilion's security features for ensuring the confidentiality and integrity of cardholder data," says Brooks Wallace, Managing Director of AmbironTrustWave Ltd - the London-based, independent, Visa-qualified security assessor that conducted the PABP review for S1, leading to validation.
Albert Oosthuizen, VP of S1 Postilion product development, further explains the impact of validation on Postilion clients: "This validation indicates to auditors that an application can be run in a way that complies with the Payment Card Industry Data Security Standard (PCI DSS). It is currently the only form of application validation available to software vendors, with the intention that using these secure applications should help Visa members, merchants, and service providers comply with the PCI DSS. However, because application compliance is a very small part of an organization's PCI DSS certification, organizations that store, process, or transmit cardholder data need to be PCI DSS certified themselves."
Validated Postilion applications will be revalidated annually, in line with Visa's requirements for the program. Additional Postilion applications will go through the Visa CISP PABP validation process in the coming months.