[Shenzhen, China, June 12, 2015] Huawei today announced that its Cloud Payment Solution (CPS) has successfully passed the compliance assessment conducted by atsec China, which is an independent, standards-based information technology security services company. The assessment is based on the on the Payment Application Data Security Standard (PA DSS) v3.0 established by the Payment Card Industry (PCI), and the assessment was validated by the Payment Card Industry Security Standards Council (PCI SSC).
The Huawei CPS is a central payment system based on a mobile transfer and payment service for the carriers, institutions (such as merchants), and cardholders, establishing emerging payment modes to replace the traditional ones, such as cash, checks and credit cards to facilitate mobile-based money payments and transfers. The CPS provides Card-Not-Present settlement to complete the transactions between the institutions and banks. Currently, the CPS has been successfully bringing its technology to mainstream carriers in countries worldwide. It is widely recognized by customers for its reputation of facilitating secure payments.
The PA DSS is a global security standard, defined by leading payment card brands such as VISA and MasterCard, that addresses data security issues related to payment authorization and settlement. Since its establishment in 2012, the PA DSS has been a mandatory requirement for payment applications, from deployment to implementation, for banks, payment service providers, and merchants. These standards are developed based on the PCI SSC Requirements and the associated security assessment procedures, which specify the technical requirements for PCI DSS compliance, (e.g. the protection on data storage and transmission). The PA DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data and/or sensitive authentication data.
Hai Shen, Product Director, Huawei CPS, said, “In the cloud payment and mobile payment industry, payment and finance security serves as a basis in safeguarding the successful operation of the entire service from the perspective of the end-user and carriers. The CPS security architecture strictly conforms to the PCI PA DSS standard. The PA DSS is a mandatory security regulation in the financial payment industry and we are proud to announce that the CPS has successfully passed compliance testing by the atsec, the PA QSA lab and the PA SSC. We hope that these established standards compliance can further ensure the security process of our customer payment service industry in the future.”
China Yan Liu, PCI Laboratory Director, atsec, commented, “Congratulations to Huawei for successfully passing the PA DSS compliance assessment and validation. The hard work and coordination between project teams of both parties have made this a success. The global payment card industry requires payment organizations (like acquirers) to ensure their merchants and agents use PA DSS compliant payment applications. The validation also improves the product security and quality from the product design architecture, security development, code and test, to the life cycle process within the vendor.”
To learn more about the validation, please see the “Validated Payment Applications” list on the PCI SSC website (Reference number 15-10.00989.001).