Exposure to Liability

As a software developer, you are responsible for providing your end-users with a software that facilitates an easy route to PCI compliance. The end-users will still bear some responsibility as it relates to card handling procedures and any data storage outside of your software; but you as the developer can reduce or eliminate your data security exposure by managing your software's scope of PA DSS compliance. 

Limiting your liability, or more correctly your scope of PA DSS compliance, is an approach that works best for developers who already work diligently to obtain compliance and who are looking to add additional options or functionality to their software. This approach minimizes the burden of compliance, but still requires the developer to hire the services of a PA QSA to test and certify their application, as well as continued audit and compliance burden.

By removing your application from the scope of PA DSS compliance, you no longer have any burden of PA DSS compliance and can market your software to end-users as a product that will help them meet the PCI DSS compliance requirements. This option has little or no up-front costs and allows developers to focus their resources and efforts on their application's core functionality while letting us worry about the data security.

Solving the Liability Issue