PA-DSS (Payment Application Data Security Standard)

Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance. PA-DSS applies to third-party applications that store, process or transmit payment cardholder data as part of an authorization or settlement. Software applications developed by merchants for in-house use only are exempt from PA-DSS but must comply with PCI DSS.

The Payment Card Industry Security Standards Council maintains PA-DSS, which it published in 2008 as a replacement to Visa’s Payment Application Best Practices (PABP). PABP was Visa’s attempt to guide software vendors in creating secure applications. However, it lacked widespread adoption.  

To achieve PA-DSS compliance, a software provider must have its application audited by a PA-DSS Qualified Security Assessor. PA-DSS requirements include:

  • Do not retain full magnetic stripe, card validation code or value, or PIN block data.
  • Provide secure password features.
  • Protect stored cardholder data.
  • Log application activity.
  • Develop secure applications.
  • Protect wireless transmissions.
  • Test applications to address vulnerabilities.
  • Facilitate secure network implementation.
  • Do not store cardholder data on a server connected to the Internet.
  • Facilitate secure remote software updates.
  • Facilitate secure remote access to applications.
  • Encrypt sensitive traffic over public networks.
  • Encrypt all non-console administrative access.
  • Maintain instructional documentation and training programs for customers, resellers and integrators.

Contributor(s): Maggie Sullivan
This was last updated in April 2012
Posted by: Margaret Rouse
