About this guide:
The Payment Application Data Security Standard (PA-DSS) has been an instrumental part of the PCI family of standards from nearly the beginning of the PCI SSC.
It helps merchants and service providers select applications developed by other parties that will aid in their compliance with PCI DSS, and allows those application vendors to market their applications as capable of meeting the necessary security requirements. That said, an application’s PA-DSS compliance will not address all of the user organization’s security or compliance needs, and PADSS applies to a certain set of payment applications only and not all applications in general. In this paper, we will consider the scope and purpose of PA-DSS, discuss the elements of a PCI PA-DSS validation, and address the ways which merchants or service providers can use an application validated for PA-DSS compliance.