Filed Under (PCI SSC, Payment Applications, pa-dss) by Michael Dahn on April-15-2008

Today the PCI SSC added a new standard to the running list of standards and documents it manages (PCI DSS, SAP, SAQ). We reported this was going to happen back in November of last year. The Payment Application Data Security Standard (PA-DSS) is now formally a standard that the Council manages. Check out the press release here.

PA-DSS is the Council-managed program formerly managed by Visa Inc. and known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and ensure their payment applications support compliance with the PCI DSS. PA-DSS requirements apply to payment applications that are sold, distributed or licensed to third parties. PA-DSS requirements do not apply to in-house payment applications developed by merchants or service providers that are not sold to a third party, but these applications must still be secured in accordance with the PCI DSS.

In addition to the standard itself, the Council has also released a Frequently Asked Questions document for the PA-DSS.

Will the PCI SSC accept applications that have been previously validated under the existing Visa PABP program?

PCI SSC will recognize PABP validated payment applications and list them with the appropriate PABP version that they were validated against. For payment applications validated against pre-PABP version 1.3, they must undergo a PA-DSS assessment within twelve (12) months after the initial publication of the PCI SSC list, otherwise they will expire and will no longer be accepted for new deployments. For payment applications validated against PABP version 1.3, they must undergo a PA-DSS assessment within eighteen (18) months after the initial publication of the PCI SSC list. For payment applications validated against PABP version 1.4, they must undergo a PA-DSS assessment within twenty-four (24) months after the initial publication of the PCI SSC list. Please refer to the table in the Grandfathering PABP Applications section of the PA-DSS Program Guide for more details.

How will the migration to PA-DSS impact vendors previously validated under PABP? Read the FAQ!

Check out the full FAQ documentation for all the fine details. I’m happy there is so much information being released surrounding every document released by the Council!

Check out all the documents online:



Comments
Tyler Hannan on April 16th, 2008 at 12:10 am #

Michael,

Thanks for the links and detail. It is good to see this being codified.

As I mention on my blog, this is a major step in transitioning from certification being a “feature” to a necessity.

-tyler hannan
