In the context of PA-DSS, a software application that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties is called a Payment Application.
Within the payment industry, there are all sorts of “payment applications” that are available for merchants to implement within their transaction environments. As much as the PADSS provides industry standards for developing payment applications, not all software applications that play a role in transactions are eligible for review and listing by the PCI SSC under the PA-DSS program.
For the purposes of PA-DSS, a payment application eligible for review and listing by the PCI SSC is defined as an application that:
PA DSS ensures a payment application can function in a PCI DSS compliant manner –
If an application is not eligible for validation under the PCI SSC’s PA-DSS program, the PCI SSC recommends that those applications, if intended for use in the cardholder data environment, are developed using PA-DSS as a baseline for protection of payment card data.
Merchants and service providers using or wishing to use such applications in their cardholder data environment would include these applications as part of their annual PCI DSS assessment.
Payment Application Data Security Standard (PA-DSS) is a PCI SSC managed program for the Payment Applications and applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. It helps software vendors and others develop secure payment applications.
SecurWires works with you until your application is certified and listed on in the validated payment applications list on PCI SSC website.
Certification Process Steps
SecurWires Technologies and Services LLP is a PCI SSC Authorized Qualified Security Assessor (QSA) Company, CIS SecureSuite Member Company and a Member of Data Security Council of India (DSCI). SecurWires is a pure-play Cyber Security and Information Security Company which is dedicated to help businesses run Cyber Security and Information Security Programs more effectively. SecurWires is vendor neutral; we do not resell any software or hardware and will always recommend the best solution for the organization. Our professionals provide industry-leading expertise to help organizations meet their evolving Data Security and Privacy needs.
SecurWires offer Consulting, Gap Analysis and Preparedness Services for PA DSS and we have developed channel partnerships with select PA DSS Qualified Security Assessor firms who can utilize the SecurWires reports to help customers get PA DSS Compliance and get listed on PCI SSC listing.