
PA DSS Compliance
Payment Application Data Security Standard (PA DSS) is a subset of Payment Card Industry Data Security Standards (PCI DSS) that is applicable to any payment application.

The standard is primarily tailored to ensure that any third-party application that performs authorization and settlement and is used by merchants, banks or any financial organization meets all the essential security guidelines as required. The council put forth the PA DSS security framework so that all payment application developers follow a secure guideline during the development cycle.

What is Payment Application?

In the context of PA-DSS, a software application that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties is called a Payment Application.

Within the payment industry, there are all sorts of “payment applications” available for merchants to implement within their transaction environments. Although PA-DSS provides industry standards for developing payment applications, not all software applications that play a role in transactions are eligible for review and listing by the PCI SSC under the PA-DSS program.

For the purposes of PA-DSS, a payment application eligible for review and listing by the PCI SSC is defined as an application that:

PA DSS ensures a payment application can function in a PCI DSS compliant manner –

  • To support the PCI DSS compliance of those that use the application
  • Use of a PA DSS application alone does not guarantee PCI DSS compliance

If an application is not eligible for validation under the PCI SSC’s PA-DSS program, the PCI SSC recommends that those applications, if intended for use in the cardholder data environment, are developed using PA-DSS as a baseline for protection of payment card data.

Merchants and service providers using or wishing to use such applications in their cardholder data environment would include these applications as part of their annual PCI DSS assessment.

PA-DSS Gap Analysis and Certification Services

Payment Application Data Security Standard (PA-DSS) is a PCI SSC managed program for the Payment Applications and applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. It helps software vendors and others develop secure payment applications.

SecurWires works with you until your application is certified and listed in the validated payment applications list on the PCI SSC website.

Certification Process Steps

  • Determine scope of assessment
  • Gap Analysis
  • Remediation plan and support
  • PA-DSS Certification
  • Delivering Report on Validation (ROV), Certificate of Compliance

What is SecurWires Offering?

SecurWires Technologies and Services LLP is a PCI SSC Authorized Qualified Security Assessor (QSA) Company, a CIS SecureSuite Member Company and a Member of Data Security Council of India (DSCI). SecurWires is a pure-play Cyber Security and Information Security Company dedicated to helping businesses run Cyber Security and Information Security Programs more effectively. SecurWires is vendor neutral; we do not resell any software or hardware and will always recommend the best solution for the organization. Our professionals provide industry-leading expertise to help organizations meet their evolving Data Security and Privacy needs.

SecurWires offers Consulting, Gap Analysis and Preparedness Services for PA DSS, and we have developed channel partnerships with select PA DSS Qualified Security Assessor firms who can utilize the SecurWires reports to help customers achieve PA DSS Compliance and get listed on the PCI SSC listing.

Talk to our experts to know more about our Data Security and Privacy offerings
