PA-DSS Requirements

To achieve PA-DSS compliance, a software vendor must ensure that their software meets or exceeds these requirements:

  1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
  2. Protect stored cardholder data.
  3. Provide secure authentication features.
  4. Log payment application activity.
  5. Develop secure payment applications.
  6. Protect wireless transmissions.
  7. Test payment applications to address vulnerabilities.
  8. Facilitate secure network implementation.
  9. Cardholder data must never be stored on a server connected to the internet.
  10. Facilitate secure remote software updates.
  11. Facilitate secure remote access to payment application.
  12. Encrypt sensitive traffic over public networks.
  13. Encrypt all non-console administrative access.
  14. Maintain instructional documentation and training programs for customers, resellers, and integrators.

What's your Risk Liability as a Developer?

Risk Elimination

As a software developer, you'll need to decide how much liability you are willing to shoulder so that your software meets PA-DSS compliance guidelines. You'll need to balance the burden and costs of compliance against functionality and flexibility for your end users.

Eliminate your Liability

Access our Document Library

Access our Document Library for PCI SSC documents concerning PCI DSS and PA-DSS compliance, and for documents that help software developers meet the standards.
