PA DSS is the Council-managed program designed to help software vendors and others develop secure payment applications that do not store prohibited data. All Payment Applications either licensed and distributed to third parties and merchants, or created by third parties and merchants are subject to the PA DSS Requiremnets.
- PA DSS
- PA DSS V2.0
- List of Validated Payment Applications
- Qualified Security Assessors (QSAs)
- Approved Scanning Vendors (ASVs)
Visa has their own payment application security standard programs for merchant assistance. Navigate through their weblinks for their most current information.
- Visa Visa Payment Application Security Mandates
Phase Compliance Mandates Effective Date I Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications 1/1/08 II VNPs and agents must only certify new payment applications to their platforms that are PABP-compliant 7/1/08 III Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications 10/1/08 IV VNPs and agents must decertify all vulnerable payment applications 10/1/09 V Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant applications 7/1/10