
SRM Solutions
Consultancy & Compliance


The Payment Application Data Security Standard

SRM is an accredited PA DSS assessor. With a forensic laboratory in the North East, we have the expertise and resource to guide software application companies through the process of certification.

Who is the service for?

Anyone who has developed an application that processes card data in any way, and has made it available commercially to other users, is likely to need to comply with the PA DSS. Compliance is usually completed prior to release of the application and a certificate of compliance is lodged with the Payment Card Industry Security Standards Council. Customers gain reassurance from knowing that an application is up to date with the latest standards.

What is PA DSS?

The Payment Application Data Security Standard (PA DSS) is the standard that has been created to help to secure software applications that are used to process payment card data. The standard relates to any commercially available payment application and aims to secure the environment used to make a payment with credit or debit cards. The standard was written by the major global card organisations, including American Express, Visa and MasterCard, and is applicable all over the world. It is very closely related to the PCI DSS.

The PA DSS aims to ensure that the payment applications used in card terminals and till systems are as secure as possible. It covers all aspects of the payment application development and deployment, including how improvements are made and documented. It is important to establish whether a payment application requires compliance with the PA DSS. Only an approved PA DSS company is able to perform this assessment.

Why use SRM for PA DSS certification?

SRM holds the certification for undertaking this type of work from its laboratory in the North East. Using advanced automated tools, we create a test environment within our lab to replicate the way in which the application will be used in a live scenario. Testing for a range of conditions is part of the certification, as well as compliance with the PCI DSS.

Whatever the nature of the payment application in use, SRM has the experience to help you achieve compliance and register the necessary paperwork with the international standards body, the PCI SSC.

Associated services


The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.


At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.


Our team provides a business-focused service to organisations of all types and sizes, at all ends of the GDPR-readiness spectrum.

PCI Forensic Investigation (PFI / PFI Lites)

SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations.
