Compliant with end-to-end Payment Applications
As a software developer or integrator of payment applications, you may need to comply with the Payment Card Industry Payment Application Data Security Standard (PA-DSS).
PA-DSS is a security standard for payment applications that ensures secure management of the application. A compliant application encrypts any data that is stored, provides logging and auditing information, and allows for secure updates. In addition, it does not store sensitive authentication data after authorization and does not break any PCI DSS requirements or controls.
End-to-end payment functions (authorization and settlement), interfaces and connections to other files, systems, and/or payment applications or application components, all cardholder data flows, encryption mechanisms, authentication mechanisms, etc.
- Preparation: useful to prepare for the formal PA-DSS review
- Gap Analysis: to identify potential gaps before going through the formal PA-DSS review
- Additional Iteration for formal PA-DSS review, which could be required if issues are identified during the formal PA-DSS review
- Consultation: useful for the software vendors during remediation (i.e. while fixing the issues identified in the formal PA-DSS review process)