PA-DSS is a set of requirements that are intended to ensure software suppliers develop secure payment applications that support PCI DSS compliance. PA-DSS applies to third party applications that store, process or transmit payment cardholder data as part of an authorisation or settlement.
Software applications that are developed for the use of one merchant only are exempt from PA-DSS but must comply with PCI DSS.
The Payment Card Industry Security Standards Council maintains the PA-DSS, which it published in 2008 as a replacement for Visa’s Payment Application Best Practices (PABP) standard.
To achieve PA-DSS compliance, a software provider must have its applications audited by a Payment Application Qualified Security Assessor (PA-QSA) and revalidated whenever any major changes are made.