Payment Application Data Security Standard (PA-DSS) v1.1

The PCI Security Standards Council released version 1.1 of the PA-DSS today. The purpose of this program, which was formerly managed by Visa, is to ensure that software vendors and others develop secure payment applications that do not store prohibited data and that comply with the PCI DSS. It applies to payment applications that are sold, distributed, or licensed to third parties.

Here are a few takeaways:
  • This fall the Council will roll out a program to maintain a list of validated payment applications.
  • The Council will begin qualifying companies to become Payment Application Qualified Security Assessors (PA-QSAs), who can perform PA-DSS assessments and audits. (See also this post on QSAs.)
  • PA-DSS FAQs
Here is the entire press release:
