Sequoia Retail Systems prioritizes PA-DSS compliance certification

According to Visa mandate, every credit card acquirer must ensure that merchants and agents use only PCI compliant validated payment applications by July 1, 2010. The program to certify validation was developed by the PCI Standards Council. The Payment Application Data Security Standards (PA-DSS) outlines these rigorous standards. If POS systems are not in compliance with these standards by the deadline, they will no longer be able to process credit transactions.

Sequoia Retail Systems has dedicated a significant amount of our engineering resources towards obtaining PA-DSS compliance certification. It is Sequoia’s primary objective to preserve our customers’ software investments. We have developed a schedule in which each component of Sequoia’s systems will be modified and tested for PA-DSS compliance.

We have engaged DRG as our auditor and have started the auditing process for one of our platforms and are currently auditing our PC-POS platform. We expect all of our six product platforms to be certified starting this spring and finishing in the early summer.

We have taken a very aggressive approach to PA-DSS validation that involves changing any software so that no credit card numbers are stored in your server. While this approach is initially more time intensive, it will minimize both cost and risk because it will eliminate the need for future audits for all programs no longer handling credit numbers.

By obtaining early certification, our customers will have the time to demonstrate to their accounting, I.T., and security offices that their systems are safe and in compliance with the new requirements.

For more information on PA-DSS or other Payment Card Industry standards, please visit the PCI Standards Council website at: http://www.pcisecuritystandards.org/

If you have any questions on our approach and how it relates to your own PCI compliance efforts, please contact our Security Coordinator, Jeremy Bowers, at jeremy@sequoiars.com.