PCI PA-DSS validation
PCI Payment Application Data Security Standard
The PCI PA-DSS is aimed at companies developing software that processes card data from the international payment systems American Express, Discover, JCB, MasterCard and Visa. Web shop software, payment solutions or customer management systems are examples of software products that can be certified according to PCI PA-DSS. The aim of the PCI PA-DSS is to support software manufacturers in the development of secure applications and the protection of sensitive data (e.g. credit card data).
With a PCI PA-DSS certification, you as a software manufacturer support your customers in implementing PCI DSS. This will benefit not only your customers but also you, as you will strengthen the trust in your product with the inspection by an independent third party and the certificate.
SRC supports and advises software manufacturers in implementing the requirements of the PCI Payment Application Data Security Standard for software products, e.g. by means of an introductory workshop. The aim of the workshop is to provide a clear understanding of the requirements of PCI PA-DSS and its interpretations on the one hand and to gain a comprehensive overview of the software, the software architecture, the development process and the implemented or planned security measures on the other hand. The procedure for carrying out the software validation as well as the upcoming work steps will also be coordinated within the framework of this workshop.
SRC performs software validation based on the requirements of PCI PA-DSS. The basis of the analysis is the document “Payment Card Industry (PCI) Payment Application Data Security Standard — Requirements and Security Assessment Procedures”, which describes the requirements for software with regard to the PCI Data Security Standard.
As part of validation, SRC checks to what extent the requirements listed in the document are fulfilled and implemented by the product.
SRC will perform the validation step by step as follows:
After a positive validation of the PCI PA-DSS software validation results by the PCI SSC, the software or product is included in the “List of validated payment applications” available on the Internet.