|
PA-DSS is the Council-managed program formerly under the supervision of the Visa
Inc. program known as the Payment Application Best Practices (PABP). The goal of
PA-DSS is to help software vendors and others develop secure payment applications
that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data,
and ensure their payment applications support compliance with the PCI DSS. Payment
applications that are sold, distributed or licensed to third parties are subject
to the PA-DSS requirements. In-house payment applications developed by merchants
or service providers that are not sold to a third party are not subject to the PA-DSS
requirements, but must still be secured in accordance with the PCI DSS.
|