What is PA-DSS?
The Payment Application Data Security Standard (PA-DSS) is a global security standard created and maintained by the Payment Card Industry Security Standards Council (PCI SSC). This was introduced to provide the definitive security standard for payment application software vendors.
Compliance with this is required if you develop payment applications that store, process or transmit cardholder data as part of authentication or settlement where these payment applications are sold, distributed or licensed to third parties.
Why be PA-DSS compliant?
Besides being a requirement for many payment application vendors, compliance in this area will add value to your business in a number of ways:
- Maximise market opportunities – Ensures you are perfectly positioned to take advantage of the rapidly growing payment application software market
- Increased value of your software solution – Will add value to your entire software suite – not just the payment module.
- Helps R&D – PA-DSS can and should be used by your development team to ensure that the apps you're developing are architected and deployed with card data protection in mind.
- Competitive advantage – You could lose potential customers to competitors without it
- Fast track PCI Compliance – It can help you quickly become PCI DSS compliant
- Peace of mind for your customers – Provides reassurance to your customers that they are transacting securely from end to end.
We are a leading PA-DSS compliance partner. At 2-sec, we specialise on a global basis in payment application security. We are extremely proud of our long term relationship with the PCI SSC which extends over a decade. Here are some benefits of partnering with 2-sec:
- We cover the entire range of payment card compliance services – including Penetration Testing, Card Data Discovery, Source Code Reviews and Software Development Lifecycle Assessments.
- Industry leading Qualified Security Assessors – Our team are highly experienced information security professionals who sit on professional panels such as ISSA and have a breadth of real world insights.
- State-of-the-art in-house payment testing lab – We maintain a number of independently verified PCI DSS Compliant environments within our lab that can accommodate virtually any payment acceptance scenario.
- We reduce the complexity and cost of PA-DSS compliance – Our mission is to ‘simplify security’. We will work collaboratively with you to achieve compliance as smoothly and simply as possible.
- Long relationship with the PCI SSC – We’ve worked with them since 2004. Our team holds both QSA and PA-QSA certifications and our CEO has led PCI SSC Special Interest Groups.
- Customer satisfaction and retention – We have helped hundreds of companies become PCI DSS and PA-DSS compliant and have a high client retention rate.
- Transparent proposals with inclusive pricing – You get no unexpected surprises.
- Dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout this process, so you’ll have direct phone and email contact with your own go-to person.
- Clear communication – Our mission is to ‘simplify security’, so we will communicate our recommendations in a clear and jargon-free way.
Achieve PA-DSS compliance with 2-sec – here’s how:
Our comprehensive PA-DSS assessment follows a 6-step process:
1. Initial scope review and gap analysis. Once possible problem areas have been identified, we provide a detailed checklist of issues that must be addressed before the Application Assessment can take place.
2. The formal PA-DSS Assessment, known as the Report on Validation (RoV), is where we meet your team and test your application in order to gather accurate information to satisfy PA-DSS compliance.
3. Post-Assessment Summary Report – This report provides an overview of your compliance status and any remediation needs.
4. We will work with you to fix areas of non-compliance and expedite the retesting process to ensure timely completion.
5. Final PA-DSS Report and Submission – The final RoV report outlines compliance with PA-DSS requirements and, after client review, we will submit your compliance status to the relevant stakeholders.
6. Like PCI DSS, PA-DSS comprises a number of time-sensitive controls and must be maintained on a daily basis. We help you stay on top of PA-DSS throughout the year, so you sail through your next annual PA-DSS Assessment.
Does PA-DSS apply to me?
If you are unsure whether you need PA-DSS, we would be happy to discuss and clarify this with you.