Dara Security

PA-DSS Validation

A payment application software vendor must have their payment application undergo a PA-DSS validation. The result of this will be the generation of a Report on Validation (RoV) that will validate this type of payment application with the various PA-DSS control requirements, itemized below:

    Do not retain full magnetic stripe, card validation code or value

    Protect stored cardholder data

    Provide secure authentication features

    Log payment application activity

    Develop secure payment applications

    Protect wireless transmissions

    Test payment applications to address vulnerabilities

    Facilitate secure network implementation

    Cardholder data must never be stored on a server connected to the Internet

    Facilitate secure remote access to payment application

    Encrypt sensitive traffic over public networks

    Encrypt all non-console administrative access

    Maintain instructional documentation and training programs for customers, resellers, and integrators

A key component of the PA-DSS validation, and often overlooked, is the PA-DSS Implementation Guide. This must be completed prior to a review. Dara Security can assist in the development of the Implementation Guide required for PA-DSS validation to ensure it contains all needed details.


Dara Security's consultants are experts in understanding both the technical aspects as well as the business aspects of payment applications. As a QSA and PA-QSA certified company, Dara Security understands the full payment lifecycle from the application level to implementation within a merchant's cardholder data environment.


Notice: PCI DSS and PA-DSS v3.1 Revisions Coming