Introduction
The Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS) is a comprehensive set of international security requirements for software vendors and others that develop secure payment applications that do not store prohibited data, such as full magnetic-stripe, other sensitive authentication data or PIN data, as part of an authorization or settlement of a payment card transaction. PA-DSS compliant applications help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data, and support overall compliance with the PCI Data Security Standard (DSS).
Payment Application Data Security Standard
Visa strongly encourages payment application vendors to develop and validate the conformance of their products to the PA-DSS. PA-DSS compliant applications help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data, and support overall compliance with the PCI DSS.
PA-DSS applies only to third-party payment application software that stores, processes or transmits cardholder data as part of an authorization or settlement. PA-DSS does not apply to software applications developed by merchants and agents for in-house use only. These in-house software applications are covered within a merchant's or agent's PCI DSS assessment.
The PCI SSC is responsible for maintaining and updating the PA-DSS and all related documentation, Payment Application Qualified Security Assessor (PA-QSA) qualification and training, Reports of Validation (ROV) submissions and quality assurance, as well as the listing of PA-DSS validated payment applications. For more information on PA-DSS, including validation requirements and a list of PA-DSS validated applications, please visit the PCI SSC website at www.pcisecuritystandards.org.