Compliance and Controls
Keeping compliant with the myriad of regulations that currently abound is one of the major challenges facing the enterprise and its leaders today.

PA-DSS Validation

When developing computer applications that handle, process, or store consumer information, the importance of information security cannot be overstated for any successful business. A security breach can result in significant financial loss and irreparable damage to a company’s reputation.

Credit card companies impose stringent data protection compliance requirements on merchants and merchant service providers. Two specific programs, the Payment Card Industry Data Security Standard (PCI-DSS) and the Payment Application Data Security Standard (PA-DSS), are vital to the long-term success of every business.

What is PA-DSS?

The PA-DSS is a set of 14 requirements that POS application developers should follow to maintain a high level of security within their applications. It is a collection of industry security standards that assist software vendors with creating and maintaining secure payment applications. PA-DSS applies only to third-party payment software that stores, processes or transmits cardholder data. It does not apply to hardware terminals or software developed by merchants and agents for in-house use only. This multifaceted security standard includes requirements for:

  • Application Design
  • Application Security
  • Application Testing
  • Network Architecture
  • Other critical protective measures

PA-DSS Validation

PA-DSS validation assures merchants and their customers that their point-of-sale systems are not storing prohibited credit card data and are PCI-compliant. A PA-DSS audit, administered by a Payment Application Qualified Security Assessor (PA-QSA) in good standing and acknowledged by the PCI Security Standards Organization — such as Tevora Business Solutions — is recommended to oversee the data security of a company’s payment applications. The audit begins with an onsite gap analysis, followed by corrective actions to address any identified deficiencies.

What does compliance mean to you?

Achieving compliance can benefit your organization in numerous ways:

  • Avoid penalties of non-compliance
  • Reduce risk of an information breach
  • Preserve consumer confidence
  • Create a safer, more resilient infrastructure

A comprehensive application assessment must be completed by a PA-QSA according to the Payment Application Data Security Standard (PA-DSS). The information gathered, along with the document created, will be used as the template for the Report on Validation to be submitted to the PCI Security Standards Council. The Confirmation of Report Accuracy (for Payment Application Companies) must be completed by all payment application vendors validating compliance and by their assessor, and submitted to the PCI Security Standards Council.

Tevora as a PA-QSA:

As a Payment Application Qualified Security Assessor (PA-QSA) in good standing and acknowledged by the PCI Security Standards Organization, Tevora can be your partner of choice when looking for help in achieving and demonstrating compliance.

Working closely with a number of Fortune 1000 companies around the country, Tevora has the expertise to move decisively and to thoroughly analyze, remediate, and assess adherence to the PA-DSS standards in a cost-effective manner.
