What is PCI PA DSS?

Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications that support PCI DSS compliance. Software a merchant develops for its own in-house use is out of scope for PA-DSS, but the environment it runs in must still comply with PCI DSS. Note that the PCI Security Standards Council retired the PA-DSS program in October 2022 in favour of its Software Security Framework, so the standard now matters mainly for applications validated before that date.



What is the difference between PCI DSS and PA DSS?

Short answer: every organization that handles credit cards needs to comply with PCI DSS; only vendors that make and sell payment applications need to meet PA-DSS. PCI DSS is the standard that ALL organizations that store, process and/or transmit credit card data must comply with.

Furthermore, when should PA DSS be applied? PA-DSS applies to a payment application that is sold, distributed or licensed to third parties and that stores, processes or transmits cardholder data as part of authorization or settlement. It does not apply to software a merchant builds for its own use, nor to an application offered only as SaaS; those fall under the merchant's or provider's own PCI DSS assessment instead.

In this regard, what is the purpose of the PA DSS program?

PA-DSS was created to give software vendors that develop payment applications a definitive data security standard. Its central aim is to stop payment applications sold to third parties from retaining sensitive authentication data after authorization, such as full magnetic stripe (track) data, card verification codes (CVV2) or PIN blocks.

What types of payment applications does PA DSS apply to?

The short answer is no: PA-DSS does not apply to payment applications provided as 'Software as a Service' (SaaS). The full answer is slightly more complicated, because this position only holds where the application is offered exclusively as SaaS and is not also sold, distributed or licensed to third parties.


Is PayPal PA DSS listed?

PayPal Is Safe, Sound and PCI DSS Compliant
At Merchant Level 1, which includes any merchant that processes over 6 million Visa transactions per year, PayPal takes great measures to provide and maintain the safest possible environment to protect its more than 200 million annual customers' confidential cardholder data.

What can be stored according to PCI DSS?

At a minimum, PCI DSS requires PAN to be rendered unreadable anywhere it is stored – including portable digital media, backup media, and in logs.

What are payment applications?

A payment application is anything that stores, processes or transmits card data electronically. Anything from a POS system to an e-commerce shopping cart that incorporates software to handle credit card data is classified as a payment application.

What is PA DSS listed?

"PA-DSS listed" means the application appears on the PCI Security Standards Council's List of Validated Payment Applications, having been assessed against the Payment Application Data Security Standard (PA-DSS), a set of requirements intended to help software vendors develop secure payment applications that support PCI DSS compliance. The first of those requirements is that the application does not retain full magnetic stripe data, card validation code or value (CAV2/CID/CVC2/CVV2), or PIN block data after authorization.
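The two retention rules on this page, PAN rendered unreadable wherever it is stored (logs included) and no full track, card validation code or PIN block data kept after authorization, as one worked example. This is an added example, not code from the page or from any PCI SSC document. It assumes the Track 2 layout of ISO/IEC 7813 (PAN, "=" separator, YYMM expiry, three-digit service code, discretionary data carrying the card verification code), masks PANs to first six and last four digits, which is the most PCI DSS allows to be displayed, and uses a constructed track string and log line built around the well-known Visa test PAN; the function names are the author's own.

```python
import re

# Constructed sample inputs (not real card data): the Visa test PAN, and a
# 16-digit order number that happens to fail the Luhn check.
SAMPLE_TRACK2 = ";4111111111111111=25121011234567890?"
SAMPLE_LOG = (
    "2024-03-01 12:00:01 auth ok card=4111 1111 1111 1111 "
    "amount=19.99 order=1234567890123456"
)

# Track 2 layout per ISO/IEC 7813: optional start sentinel ';', PAN (13-19
# digits), '=' separator, expiry YYMM, 3-digit service code, discretionary
# data (PVV, CVC/CVV and the like), optional end sentinel '?'.
TRACK2_RE = re.compile(
    r"^;?(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\??$"
)

# A 13-19 digit run, optionally separated by spaces or dashes, that is not
# part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Mod-10 (Luhn) check that every payment card PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS lets you show."""
    if len(pan) < 13:
        raise ValueError("PAN too short")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def sanitize_track2(track: str) -> dict:
    """Reduce a Track 2 string to what may be kept after authorization.

    The full track and its discretionary field (which carries the card
    verification code) are sensitive authentication data and are dropped;
    the PAN is masked before anything is returned for storage.
    """
    m = TRACK2_RE.match(track)
    if not m:
        raise ValueError("not track 2 data")
    pan = m.group("pan")
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    return {
        "pan_masked": mask_pan(pan),
        "expiry": m.group("exp"),
        "service_code": m.group("svc"),
    }


def scrub_log(line: str) -> str:
    """Mask any Luhn-valid 13-19 digit run so a PAN never lands in a log.

    Digit runs that fail Luhn (order numbers, timestamps) are left alone.
    """
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(_mask, line)


if __name__ == "__main__":
    print(sanitize_track2(SAMPLE_TRACK2))
    print(scrub_log(SAMPLE_LOG))
```

The Luhn check is what keeps the log scrubber from mangling every long number it sees; the lookbehind and lookahead in the pattern make it match whole digit runs only, so a partial masking of a longer identifier cannot occur. Masking is a display control; for PANs that genuinely must be stored, PCI DSS still requires truncation, tokenization, a keyed hash or strong encryption rather than a masked copy.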

What is attestation of compliance?

AOC (Attestation of Compliance)
The AOC is a form used by merchants and service providers to attest to the results of a PCI DSS assessment. It is submitted to an acquirer or payment brand along with the appropriate SAQ or ROC, plus any other requested documentation.

What does it mean to be PCI compliant?

Being PCI compliant means consistently adhering to the set of requirements set forth by the PCI Security Standards Council, an organization formed in 2006 by the payment brands for the purpose of managing the security standards for payment card data.

What is a qualified integrator & reseller?

A Qualified Integrator & Reseller (QIR) is an organization that is authorized by the PCI Security Standards Council to “implement, configure and/or support” PA-DSS payment applications. The PCI Council lists all QIRs on its website and the number of companies that are QIR Validated is growing very quickly.

What is a payment application vendor?

According to the Payment Card Industry, a payment application is any hardware or software that processes, transmits or stores card data electronically; a payment application vendor is the company that develops and sells such an application. A service provider, by contrast, is a business entity that is not a payment brand and is directly involved in the processing, transmitting or storage of cardholder data on behalf of another entity.

Who defines merchant and service provider levels?

Merchant and service provider levels are defined by the individual payment brands (Visa, Mastercard and so on), not by the PCI Security Standards Council, so the thresholds can differ slightly between brands. A merchant is an entity that stores, processes or transmits credit or debit card data and has a merchant ID. Each merchant is assigned a "level" based on the number of transactions it processes in a year, outlined as follows: Level 1 ( > 6 million transactions)

Do I need PCI compliance with stripe?

Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. That does not remove your own obligation: when accepting payments through Stripe you must still do so in a PCI compliant manner, and how much of PCI DSS you have to validate yourself depends on how card data reaches Stripe from your systems.

What is transaction switching?

A payment switch is transaction-processing software that receives transaction requests from more than one interface (ATM, POS, mPOS, payment gateway and many more) and obtains authorisation for each transaction from the defined hosts (banking hosts for account authorisation of debit cards, or credit card hosts, or prepaid card