The PCI Payment Application Data Security Standard (PCI PA-DSS) was officially adopted in 2008 by the PCI Security Standards Council (PCI SSC) and is based on the VISA Payment Application Best Practices Program (PABP).
PCI PA-DSS is directed at software manufacturers who develop payment applications that are integrated in the payment process (authorization or settlement) and that process credit card data. Its objective is to support software vendors in developing secure payment applications with clear rules and to promote the protection of sensitive data within the applications.
All payment applications that are sold “off-the-shelf,” or are transferred or licensed to third parties, must be certified. By successfully certifying their payment application according to PCI PA-DSS, software manufacturers demonstrate that their products are PCI DSS compliant, ensure the marketability of their products and verifiably simplify the certification process for their customers.
Applications that are developed in-house by merchants and service providers and that are not made available to third parties do not need to be certified according to PCI PA-DSS; however, they must fulfill the PCI DSS requirements.
We can offer software vendors target-oriented consulting and certification services from a single source. Our process model has already demonstrated its effectiveness in numerous certification projects. Our work style stands out for its efficiency and flexibility. As an option, we can provide a test and certification environment for Intel-based applications. The certification process is structured in the following phases.
Scope Workshop
To determine the certification relevance of the respective software modules of your payment application. We point out any obvious deviations from PCI PA-DSS and coordinate the next steps with you.
Pre-Assessment (optional)
To check certification-relevant software modules, IT systems, documentation and processes regarding their PCI PA-DSS compliance. We document and discuss deviations and provide a catalog of measures to eliminate them.
Remediation (optional)
To eliminate deviations and vulnerabilities identified in the Pre-Assessment. Experienced usd consultants will support you, as needed.
Onsite Audit
This is a formal process during which a certified auditor checks the PCI PA-DSS compliance of software modules, IT systems, processes and documentation within the scope of the audit.
Report on Validation
The auditor prepares the official Report on Validation. The audit scope, actual audit process and customer-specific implementation of PCI PA-DSS requirements are documented in detail.
We would be happy to send you an offer tailor-made to meet your specific requirements. You can find detailed information about our services and prices in our PCI Competence Center.
Phone: +49 (6103) 90 34 90
Fax: +49 (6103) 90 34 99
Email: pci@usd.de