PCI-DSS and PA-DSS Compliance

With data security compromises on the rise, it is more important than ever to ensure your business is compliant with the Payment Card Industry Data Security Standard (PCI-DSS) and your payment application is compliant with the Payment Application Data Security Standard (PA-DSS). Learn more about how to ensure you are compliant — and safeguard your business and your customers.

Ensuring you are PCI-DSS compliant

Payment Card Industry (PCI) Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data.

The Council is responsible for managing the PCI DSS, while compliance with the PCI DSS is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The PCI DSS applies to all organizations that store, process or transmit cardholder data. EVERY business that accepts card payments and stores, processes or transmits payment card data MUST MEET the PCI DSS.

Ensuring you are PA-DSS compliant

Visa requires you to use a payment application that adheres to the Payment Application Data Security Standard (PA-DSS), which is based on Visa’s Payment Application Best Practices (PABP). These mandates are designed to eliminate the use of non-secure payment applications that store prohibited data elements from Visa’s payment system.

According to the PCI Council, “The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure payment applications support compliance with the … PCI DSS.”

Where to Begin

• To familiarize yourself with the PA-DSS requirements and best practice tips for achieving compliance. Click here.
• To learn more about the PA-DSS, visit the PCI website. Click here.