PA DSS – The Payment Application Data Security Standard
What is it?
The Payment Application Data Security Standard (PA DSS) is the standard that has been created to help to secure software applications that are used to process payment card data.
The standard relates to any commercially available payment application and aims to secure the environment used to make a payment with credit or debit cards. The standard was written by the major global card organisations, such as American Express, Visa and MasterCard, and is applicable all over the world. It is very closely related to the PCI DSS.
Why do we have it?
Criminals have been targeting card data since the 1960s when credit cards were first introduced. When the technology moved away from processing paper vouchers and on to electronic payment terminals, the threat of malware and corruption of the payment devices became evident. The PA DSS aims to ensure that the payment applications used in card terminals and till systems are as secure as possible. It covers all aspects of the payment application development and deployment, including how improvements are made and documented.
Anyone who has developed an application that processes card data in any way, and has made it available commercially to other users, is likely to need to comply with the PA DSS. Compliance is usually completed prior to release of the application and a certificate of compliance is lodged with the Payment Card Industry Security Standards Council. This means that customers can check to ensure that an application is up to date with the latest standards.
What to do next
It is important to establish whether a payment application requires compliance with the PA DSS. Only an approved PA DSS company is able to perform this assessment.
SRM holds the certification for undertaking this type of work from one of its two laboratories located in the North East and the Midlands. As each case is likely to be very different, it is sensible to discuss each individual requirement with us so that we can individually tailor the testing process. It invariably involves creating a test environment within our lab to replicate the way in which the application will be used in a live scenario. Testing for a range of conditions is part of the certification, as well as compliance with the PCI DSS.
Whatever the nature of the payment application in use, SRM has the experience to help you achieve compliance and register the necessary paperwork with the international standards body, the PCI SSC.