PA-DSS
The road to compliance
Applications are responsible for controlling access to sensitive business transactions and mission critical customer data. The application layer has become the criminal's new favourite target.
The Payment Application Data Security Standard (PA-DSS) applies to software vendors and others who develop payment applications that store, process or transmit cardholder data as part of authorisation or settlement where these payment applications are sold or distributed by third parties. Payment software vendors need to comply with the requirements of PA-DSS in order for merchants to use their products to process credit card transactions.
PA-DSS addresses the following challenges:
▪ Global enforcement of the security of every version and release of all payment applications, based on a common standard and agreed by all payment brands
▪ Removal of all insecure payment applications that presently exist
▪ Providing merchants and service providers with confidence in software vendors' payment application solutions
Getting ahead of the game
As with PABP, software vendors are already finding that there is a real competitive advantage in being able to claim that their application is PA-DSS compliant, and they are also facing increasing pressure from their customers to demonstrate that compliance. In the future, it is likely that merchants will be unable to achieve PCI DSS compliance unless they are using PA-DSS compliant software.
Steps to achieving compliance
NCC Group is a leading independent provider of consultancy and security testing services, specialising in helping organisations protect themselves from information security threats. As a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV), and with a team of PA-QSAs, NCC Group is ideally placed to advise on PA-DSS.
Our experienced PA-QSA accredited Information Security testing and consultancy professionals have carried out thousands of consultancy and security testing assignments for clients including international banks, regulators, on-line retailers and key central and local government bodies.