The Payment Application Data Security Standard (PA DSS) is a set of security requirements applicable to applications developed by third parties. Both Visa and MasterCard mandate that merchants only use PA DSS compliant payment applications to help ensure that their processing software does not inhibit their PCI DSS compliance status.
Not sure how to comply with the payment application mandate? We can help.
All software vendors must comply with the PA DSS when developing software and point of sale applications for general resale.
The PA DSS standard does not apply to a merchant’s proprietary application that has been developed internally for the merchant’s own use. Merchants using proprietary applications must secure those applications in accordance with the PCI DSS, and include them within the scope of their annual PCI DSS validation efforts.
- Review lists of validated applications to help ensure your specific application version is compliant. Both the application name and version number should be listed.
- Install and use the application in a PCI DSS compliant environment and in accordance with the vendor specifications.
Merchants should take the following steps to comply with the payment application mandates: