Payment Application Data Security Standard (PA-DSS)

PA-DSS stands for Payment Application Data Security Standard (PA-DSS) which is a set of comprehensive requirements to ensure secure payment applications are utilized for the processing of credit cards.

For the purposes of PA-DSS, a payment application is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties. For example:

• PA-DSS does apply to payment applications that are typically sold and installed "off the shelf" without much customization by software vendors.
• PA-DSS does apply to payment applications provided in modules, which typically includes a "baseline" module and other modules specific to customer types or functions, or customized per customer request. PA-DSS may only apply to the baseline module if that module is the only one performing payment functions.
• PA-DSS does NOT apply to a payment application developed for and sold to only one customer since this application will be covered as part of the customer's normal PCI DSS compliance review.
• PA-DSS does NOT apply to payment applications developed by merchants and service providers if used only in-house (not sold, distributed, or licensed to a third party), since this in-house developed payment application would be covered as part of the merchant's or service provider's normal PCI DSS compliance.

As part of the compliance process improvement and facilitation, the PCI Security Standards Council defined qualifications for PA-DSS Qualified Security Assessors (QSAs).

Enterprise Risk Management is a certified PA-DSS Qualified Security Assessor (QSA). We can assist your organization regarding the PA-DSS compliance. We offer competitive pricing and value packages, tailored to your specific PA-DSS compliance needs.