PCI Payment Application Data Security Standard (PCI PA-DSS)
The PCI PA-DSS is aimed at companies developing software that processes card data from the international payment systems American Express, Discover, JCB, MasterCard and Visa. Web shop software, payment solutions or customer management systems are examples of software products that can be certified according to PCI PA-DSS. The aim of the PCI PA-DSS is to support software manufacturers in the development of secure applications and the protection of sensitive data (e.g. credit card data).
With a PCI PA-DSS certification, you as a software manufacturer support your customers in implementing PCI DSS. This benefits not only your customers but also you: the inspection by an independent third party and the resulting certificate strengthen trust in your product.
SRC supports and advises software manufacturers in implementing the requirements of the PCI Payment Application Data Security Standard for software products, e.g. by means of an introductory workshop. The aim of the workshop is, on the one hand, to provide a clear understanding of the requirements of PCI PA-DSS and their interpretation and, on the other hand, to gain a comprehensive overview of the software, the software architecture, the development process and the implemented or planned security measures. The procedure for carrying out the software validation and the upcoming work steps are also coordinated in this workshop.
PCI PA-DSS Software Validation
SRC performs software validation based on the requirements of PCI PA-DSS. The basis of the analysis is the document “Payment Card Industry (PCI) Payment Application Data Security Standard — Requirements and Security Assessment Procedures”, which describes the requirements for software with regard to the PCI Data Security Standard.
As part of validation, SRC checks to what extent the requirements listed in the document are fulfilled and implemented by the product. SRC will perform the validation step by step as follows:
Pre-analysis and review of manufacturer documents
Creating the report
After the PCI SSC has positively validated the PCI PA-DSS software validation results, the software or product is included in the “List of validated payment applications” available on the Internet.