PA-DSS

WHAT IS THE PA-DSS?

The Payment Application Data Security Standard (PA-DSS) is a subset of the Payment Card Industry Data Security Standards (PCI DSS), created by the Payment Card Industry Security Standards Council (PCI SSC). It was formerly referred to as the Payment Application Best Practices (PABP). The standard was implemented in an effort to ensure the security of sensitive cardholder data by requiring that payment applications not store prohibited data, such as magnetic stripe, CVV2 and PIN.


WHO IS REQUIRED TO BE COMPLIANT?

The PA-DSS applies to software developers and integrators of payment applications that store, process, or transmit cardholder data as part of authorization and settlement. Payment applications that are sold, distributed or licensed to third parties must be compliant with both the PA-DSS and PCI DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements but must still be compliant with the PCI DSS.


PENALTIES FOR NON-COMPLIANCE

The penalties for not complying with the requirements of the PA-DSS include being charged higher fees and penalties for transactions, fines for each incident, and public disclosure of breaches, which damage the reputation of your company. Your merchant account may even be canceled, prohibiting your company from accepting credit card transactions.


HOW CAN IPS HELP?

IPS is one of the few Payment Application Qualified Security Assessor Companies (PA-QSACs) in Canada. Our PA-QSAs are certified by the PCI SSC to conduct payment application reviews to uncover security gaps and provide recommendations to remediate risks. We test your applications and identify vulnerabilities to ensure compliance with the PA-DSS. IPS also investigates weaknesses in application design that may compromise security, such as legacy interoperability or insecure architectural dependencies.

 

In addition to the PA-DSS, IPS also provides compliance consulting services specialized in the following areas: