PCI Compliance /Payment Security

Fortune 500 companies count on us to get it right.  Implementing and maintaining secure networks, payment applications, payment devices, policies, and vendor relationships does not happen by accident.  Allow us to work with your team to formulate a directed approach that includes full PCI-compliance, optimal payment security, peak efficiency, and minimized cost.

Payment Application Development

Trust your software development project to proven experts.  Diverge has spent two decades managing software development, and specializes in developing secure, reliable, scalable applications for e-commerce, customer relationship management, and third-party integrations.  Contact us for a custom bid.

Payment innovation & leaderSHIP

PCI-P2PE Trailblazer

Sam has had the privilege of being part of the internal team that built and released the first PCI validated point-to-point encryption solution in North America, as well as working with other solution providers to attain this challenging validation.  Sam's role has included writing cryptographic procedures, overseeing key management and policy compliance, and helping launch the world's first PCI-P2PE 2.0 decryption-as-a-service (DaaS) solution.  Sam is now a QSA (P2PE), one of fewer than 100 assessors worldwide certified to assess P2PE solutions.

PCI Liaison

Somewhere between internal distractions and your auditor's idealism is the optimal mix of security, risk-management, and efficient business operations.  Sam is a certified as a qualified security assessor (QSA), P2PE Assessor, Qualified PIN Assessor (QPA), Secure Software Assessor (SSA), and 3DS Assessor, allowing him to operate in a unique position as both liaison to your QSA, as well as a surrogate team member to assist with the design of effective solutions for secure payment processing.  Other services include drafting policy documentation, penetration testing, network design, and in general demystifying the world of PCI compliance.

Payments Architect

Since 2006, when Diverge built the first-of-its-kind SaaS mobile EBT acceptance system on the Ingenico i7910 platform, we have never stopped innovating.  Sam's recent product work includes a jQuery-driven e-Commerce API, and the world's first PCI-P2PE/EMV semi-integrated/standalone countertop terminal for retail and small businesses (including signature capture and printer).   Roles included drafting business requirements, conducting vendor analysis, running RFPs, document writing, product management, and QA.

Application Specialist

Designing, building, or testing a payment solution requires understanding of the underlying software and hardware architecture, but also the impact of data flows on PCI compliance, EMV certification, and card brand compliance. Our team has worked with numerous software companies to architect payment solutions for security, compliance, and cost-effectiveness.  Whether as the application architect, PCI consultant, business analyst, project manager, or application security analyst we know how to navigate the pitfalls to ensure timely and on-budget project delivery.

phone / Video Consult

Set up a free 30 minute consult to discuss your needs, and how Diverge can assist.  Click here to schedule online.

On-Site / Project  Engagements

Prefer to meet face-to-face?  Contact us for our fee schedule, travel schedule, and no-obligation project review.

Call (303) 569-6977 for a free consult today.

• An avid distance runner, Sam has completed over 43 marathons and ultramarathons!
  

• Sam and his beautiful wife, Melinda, have been married for 27 years, with three amazing adult children and one incredible daughter-in-law.

SAM PFANSTIEL, Ph.D.

PRINCIPAL, FOUNDER

Sam is a perpetual student of innovation and technology. Over the past 25 years, he has held CIO, IT leadership, and principal security consulting roles with five organizations and managed over 1,000 distinct technology projects. Sam founded Diverge in 2004 in Broken Arrow, Oklahoma, and now resides in Broomfield, Colorado.

In 2022, Sam completed his doctorate, publishing his dissertation research entitled “Impact of Internal Control, Cybersecurity Risk, and Competitive Advantage on Retail Security Investment.” [Follow on ResearchGate]

Sam is currently engaged as principal PCI analyst with Toast, and is not seeking private consulting engagements at this time for any services provided by Toast, or its customers or partners. If you need Sam to speak at your event, he would be happy to assist you within this role.

CURRENT CERTIFICATIONS

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Certified Ethical Hacker (CEH)

Payment Card Industry Professional (PCIP)

PCI Internal Security Assessor (ISA)

PREVIOUS CERTIFICATIONS

The following certifications may only be held by assessors employed by organizations certified to perform these assessments. While Sam no longer holds these certifications, he has extensive experience in these compliance frameworks and performing the corresponding assessments:

PCI Qualified Security Assessor (QSA)

PCI Point-to-Point Encryption (P2PE) Assessor

PCI Point-to-Point Encryption (P2PE) Application Assessor

PCI Qualified PIN Assessor (QPA)

PCI 3-D Secure Assessor (3DSA)

PCI Software Security Framework Secure Software Assessor (SSF SSA)

PCI Software Security Framework Secure Software Lifecycle Assessor (SSF SSLCA)

PCI Payment Application Qualified Security Assessor (PA-QSA)

Visa Security Assessor (Visa SA)

Certified TG-3 Auditor (CTGA)