DevOps.com

Where the world meets DevOps

What Is PA-DSS?

By on 1 Comment

If you develop payment application software, you must ensure that it is secure and compliant with PA DSS. Read on to learn more about the payment application security standard.

Recent Posts By DevOps.com
More from DevOps.com
Related Posts
Show more
Show less

What You Need to Know About PA DSS

The Payment Application Data Security Standard (PA DSS) is a part of PCI DSS and is a global security standard. PA DSS applies to the development of payment application software. What’s more, if you are a software vendor that makes and sells payment applications, you must comply with PA DSS. This is to ensure the security of all of your software components. Compliance is essential because if you do not comply, you could receive massive fines.

Important Requirements for PA DSS Compliance

The PA DSS requirements apply to the storing, processing and transmitting of cardholder data and sensitive authentication data. There are 14 requirements that every organization that handles credit card information must follow:

  1. Do not retain full track data, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data.
  2. Protect stored cardholder data.
  3. Provide secure authentication features.
  4. Log payment application activity.
  5. Develop secure payment applications.
  6. Protect wireless transmissions.
  7. Test payment applications to address vulnerabilities and maintain payment application updates.
  8. Facilitate secure network implementation.
  9. Cardholder data must never be stored on a server connected to the internet.
  10. Facilitate secure remote access to payment applications.
  11. Encrypt sensitive traffic over public networks.
  12. Secure all non-console administrative access.
  13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators.
  14. Assign PA-DSS responsibilities for personnel. And maintain training programs for personnel, customers, resellers, and integrators. The Steps to Achieve PA DSS Compliance.

There are five simple steps in order to comply with PA DSS:

  1. Comply with Requirement 5, which outlines the process for how to develop secure payment applications.
  2. Apply coding standards, such as OWASP, CWE, and CERT.
  3. Train developers in secure coding.
  4. Use a SAST tool to enforce PA DSS requirements automatically.

To read more, please visit: https://www.perforce.com/blog/kw/what-is-pa-dss

Sponsored Content
Featured eBook
The State of the CI/CD/ARA Market: Convergence

The State of the CI/CD/ARA Market: Convergence

The entire CI/CD/ARA market has been in flux almost since its inception. No sooner did we find a solution to a given problem than a better idea came along. The level of change has been intensified by increasing use, which has driven changes to underlying tools. Changes in infrastructure, such ... Read More
%d bloggers like this: