The Payment Application Data Security Standard (PA-DSS) was derived from the former Visa Payment Application Best Practices in 2007 and has become a standard accepted by the entire payment industry worldwide. It provides a set of rules that specify technical and organizational requirements for software development companies that sell, license or otherwise provide standard applications to members of the payment industry, such as payment service providers, processors, acquirers, and merchants.

The rules and testing procedures ensure that a successfully validated application allows its users to meet all the requirements of the PCI DSS. While this does not guarantee automatic compliance with PCI DSS for the users themselves, it ensures that the company can focus on other PCI DSS compliance topics after the installation and the appropriate configuration of the application according to the PA-DSS Implementation Guide.

The standard’s 14 sections include technical requirements for the application, such as the secure storage and deletion of account data, requirements for a well-defined and documented software development process as well as requirements related to the provision of information for resellers and integrators.

The requirements are applied either to the entire application or to all modules of an application that store, transmit or process cardholder data. Modularizing an application, or combining its cardholder data processing functions in a separate module or service, can significantly reduce the effort and cost of PA-DSS certification and validation.

To assist your company in validating your application, we offer workshops, consultancy, pre-audits, and validation audits to our customers. Our staff has over ten years of experience in dealing with PA-DSS certification and the preceding standard, the Payment Application Best Practices, and works together with your project team to identify an optimal implementation and validation with respect to the PA-DSS requirements.

Useful Links

The PA-DSS Standard – catalogue of all requirements of the PA-DSS standard

List of certified payment applications – list of all certified payment applications on PCI Council website

News for this standard

Listing PA-DSS v2 applications by 28 Oct 2016

28.10.2016

PA-DSS v2 validated applications only acceptable for pre-existing deployments by 28 October 2016. As of October 28, 2016, applications validated against version 2.0 of PA-DSS are acceptable for [...]

PCI DSS + PA-DSS v3.2 News Update

19.4.2016

PCI DSS v3.2 News: The PCI Council will publish the new version 3.2 of PCI DSS in April 2016. The sunset date for the current version 3.1 will [...]

Newsletter 4/2015

25.9.2015

Within this newsletter we want to inform you about the current publications of the PCI Council and other news from the IT compliance sector. The most important topics are: 1. [...]