PCI Payment Application Data Security Standard (PCI PA-DSS)

PCI PA-DSS Workshop

SRC supports and advises software manufacturers in implementing the requirements of the PCI Payment Application Data Security Standard in software products, e.g. by means of an introductory workshop. The goal of the workshop is, on the one hand, to provide a clear understanding of the PCI PA-DSS requirements and their interpretations and, on the other hand, to gain a comprehensive overview of the software, the software architecture, the development process, and the implemented or planned security measures. The procedure for performing the software validation and the upcoming work steps are also coordinated during this workshop.

PCI PA-DSS Software Validation

SRC performs software validation based on the requirements of PCI PA-DSS. The basis of the study is the document “Payment Card Industry (PCI) Payment Application Data Security Standard – Requirements and Security Assessment Procedures”, which describes the requirements for software with regard to the PCI Data Security Standard.
As part of the validation, SRC checks to what extent the requirements listed in the document are met and implemented by the product.
SRC will perform validation in stages as follows:

• Pre-analysis and review of manufacturer documents
• Software validation
• On-site analysis/interviews
• Create the report

After a positive review of the PCI PA-DSS Software Validation results by the PCI SSC, the software or product is added to the “List of validated payment applications” available on the Internet.