Support Page

Payment Application Data Security Standard

The Payment Application Data Security Standard (PA-DSS) is a security standard managed by the Payment Card Industry Security Standards Council (PCI SSC). This standard is based on Visa’s Payment Application Best Practices (PABP). The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties such as merchants or service providers.

Many merchants in the payments industry today utilize third party payment applications that are tailored to their business needs to assist them in accepting credit card payments. Account data compromise statistics show that vulnerable payment applications which store prohibited data are the leading cause of account data compromises, especially among small merchants. The goal of PA-DSS is to assist software vendors to develop secure payment applications that do not store prohibited data, such as full magnetic stripe data, card verification values, or PIN data, and ensure that their payment applications support the merchant’s obligation to comply with the Payment Card Industry Data Security Standard (PCI DSS).

PA-DSS & Visa Canada PACP Frequently Asked Questions



Visa Canada's Payment Application Compliance Program

Visa Canada has established timeframes by which acquirers must ensure that all merchants (new and existing) who use payment application software to process with their acquirers only use such software that has been validated against PA-DSS or PABP requirements.  

| Phase | Compliance Mandate |
|-------|--------------------|
| 1 | By 1 October 2008, all acquirers must ensure that any newly boarded merchant that uses payment application software only uses payment application software that has been validated to comply with PABP or PA-DSS requirements. |
| 2 | By 1 July 2010, all acquirers must ensure that all merchants (new and existing) who use payment application software only use payment application software that has been validated to comply with PABP or PA-DSS requirements. |



MasterCard Payment Application DSS Mandate

Effective 1 July 2012, MasterCard will revise the MasterCard SDP Program Standards to require all merchants and Service Providers that use third party-provided payment applications to only use those applications that are compliant with the Payment Card Industry Payment Application Data Security Standard (PCI PA-DSS), as applicable. The applicability of the PCI PA-DSS to third party-provided payment applications is defined in the PCI PA-DSS Program Guide. In addition, MasterCard will establish a new PA-DSS compliance validation requirement for Level 1, Level 2, and Level 3 merchants as well as Level 1 and Level 2 Service Providers.



PA-DSS REQUIREMENTS

1. Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2) or PIN block data
2. Provide secure password features
3. Protect stored cardholder data
4. Log Application Activity
5. Develop Secure Applications
6. Protect wireless transmissions
7. Test Applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote access to payment application
11. Encrypt sensitive traffic over public networks
12. Encrypt all non-console administrative access
13. Maintain instructional documentation and training programs for customers, resellers, and integrators