What is PA-DSS? When should PA-DSS be applied?


The Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2, or PIN. PA-DSS aims to secure cardholder data and make online shopping more secure in general. It may come as a surprise, but PA-DSS is not needed for 85% of online stores; only 15% (or even fewer) of merchants need it. Many big names are not PA-DSS compliant: Yahoo Stores, 3dcart, Volusion, and Big Commerce are all non-compliant with PA-DSS.

In short, if customers enter credit card information on your site, you need PCI-DSS compliance (SSL or a payment gateway/PayPal or Authorize.net). You need PA-DSS if you are storing credit card data (for subscriptions or payment outside the system). If you are using SaaS, you don’t need it.

If you are interested in more reading material you can find some great ebooks and print books at Amazon.com: PCI Compliance, Fourth Edition: Understand and Implement Effective PCI Data Security Standard Compliance

