What is PA-DSS?
The Payment Application Data Security Standard (PA-DSS) ensures software vendors develop secure payment applications. It applies to third-party applications that store, process or transmit payment cardholder data as part of an authorisation or settlement.
This applies to applications licensed or distributed to third parties.
Applications developed internally that won’t be passed on, in any format, are not subject to the PA-DSS requirements. However, PCI DSS compliance is still needed for these applications.
The PCI Security Standards Council maintains the PA-DSS. It was first published in 2008 as a replacement for Visa’s Payment Application Best Practices (PABP) standard. The Visa standard was not widely adopted, so a newer version was needed to encourage compliance around the world.
What our PA-DSS assessment involves
To achieve PA-DSS compliance, applications must be audited by a Payment Application Qualified Security Assessor (PA-QSA).
At Vectra, we have highly skilled PA-QSA assessors to carry out a PA-DSS audit of your software.
Our PA-DSS services check the key features of your software’s security.
This includes ensuring:
- Cardholder data is stored in a secure location that is not connected to the internet
- Full PIN block data, magnetic stripe and card validation code or values are not kept
- All privacy data is encrypted over public
- An active and secure log management system is in place
If Vectra does detect any issues, we can assist in a PA-DSS remediation process to ensure data security.