PA-DSS (Payment Application Data Security Standard)

Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance. PA-DSS applies to third-party applications that store, process or transmit payment cardholder data as part of an authorization or settlement. Software applications developed by merchants for in-house use only are exempt from PA-DSS but must comply with PCI DSS.

The Payment Card Industry Security Standards Council maintains PA-DSS, which it published in 2008 as a replacement for Visa’s Payment Application Best Practices (PABP). PABP was Visa’s attempt to guide software vendors in creating secure applications. However, it lacked widespread adoption.

To achieve PA-DSS compliance, a software provider must have its application audited by a PA-DSS Qualified Security Assessor. PA-DSS requirements include:

  • Do not retain full magnetic stripe, card validation code or value, or PIN block data.
  • Provide secure password features.
  • Protect stored cardholder data.
  • Log application activity.
  • Develop secure applications.
  • Protect wireless transmissions.
  • Test applications to address vulnerabilities.
  • Facilitate secure network implementation.
  • Do not store cardholder data on a server connected to the Internet.
  • Facilitate secure remote software updates.
  • Facilitate secure remote access to applications.
  • Encrypt sensitive traffic over public networks.
  • Encrypt all non-console administrative access.
  • Maintain instructional documentation and training programs for customers, resellers and integrators.

This was first published in April 2012.
