Dara Security

PA-DSS Validation

A payment application software vendor must have its payment application undergo PA-DSS validation. The result is a Report on Validation (RoV) that validates the payment application against the various PA-DSS control requirements, itemized below:

    Do not retain full magnetic stripe, card validation code or value
    Protect stored cardholder data
    Provide secure authentication features
    Log payment application activity
    Develop secure payment applications
    Protect wireless transmissions
    Test payment applications to address vulnerabilities
    Facilitate secure network implementation
    Cardholder data must never be stored on a server connected to the Internet
    Facilitate secure remote access to payment application
    Encrypt sensitive traffic over public networks
    Encrypt all non-console administrative access
    Maintain instructional documentation and training programs for customers, resellers, and integrators

A key and often overlooked component of PA-DSS validation is the PA-DSS Implementation Guide. It must be completed prior to a review. Dara Security can assist in developing the Implementation Guide required for PA-DSS validation to ensure it contains all needed details.

Dara Security's consultants are experts in both the technical and the business aspects of payment applications. As a QSA and PA-QSA certified company, Dara Security understands the full payment lifecycle, from the application level to implementation within a merchant's cardholder data environment.

Notice: PCI DSS and PA-DSS v3.1 Revisions Coming