PA-DSS stands for Payment Application Data Security Standard.

PA-DSS applies to payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed or licensed to third parties. PA-DSS helps minimize the risk of compromise of cardholder data and facilitates an environment’s PCI DSS compliance. 

Payment applications are assessed for PA-DSS validation against the following key requirements that are derived from PCI DSS:

  • Do not retain full magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  • Protect stored cardholder data
  • Provide secure authentication features
  • Log payment application activity
  • Develop secure payment applications
  • Protect wireless transmissions
  • Test payment applications to address vulnerabilities
  • Facilitate secure network implementation
  • Cardholder data must never be stored on a server connected to the Internet
  • Facilitate secure remote access to payment application
  • Encrypt sensitive traffic over public networks
  • Encrypt all non-console administrative access
  • Maintain instructional documentation and training programs for customers, resellers, and integrators
