About PA-DSS (Payment Application Data Security Standard)
PA-DSS is the Council-managed program formerly under the supervision of the
Visa Inc. program known as the Payment Application Best Practices
(PABP). The goal of PA-DSS is to help software vendors and others
develop secure payment applications that do not store prohibited data,
such as full magnetic stripe, CVV2 or PIN data, and ensure their
payment applications support compliance with the PCI DSS. Payment
applications that are sold, distributed or licensed to third parties
are subject to the PA-DSS requirements. In-house payment applications
developed by merchants or service providers that are not sold to a
third party are not subject to the PA-DSS requirements, but must still
be secured in accordance with the PCI DSS.
Why is PA-DSS Compliance Important?
PA-DSS compliant applications help merchants and agents mitigate compromises,
prevent storage of sensitive cardholder data, and support overall
compliance with the PCI DSS. PA-DSS applies only to third-party payment
application software that stores, processes or transmits cardholder
data as part of an authorization or settlement. PA-DSS does not apply
to software applications developed by merchants and agents for in-house
use only. These in-house software applications are covered within a
merchant or agent’s PCI DSS assessment. Azox Credit Card Extension's listing as a validated payment application can be viewed below.

About Visa Security Mandates
Visa developed the Payment Application Best Practices (PABP) specifications
as part of the CISP/PCI compliance program. The program:
· Assists software vendors in creating secure payment applications that help merchants and agents mitigate security compromises.
· Prevents storage of sensitive cardholder data that otherwise might suffer unauthorized access from hackers.
· Supports compliance with the PCI Data Security Standard (PCI-DSS).
Starting October 1, 2008, Visa began requiring their merchants who use payment
application software to adhere to Visa's Payment Application Best
Practices (PABP).
PABP Required for Merchant Accounts
Merchant account providers will NOT ISSUE MERCHANT ACCOUNTS to any company using
application software that is not PABP certified. Companies that use an
uncertified credit card payment solution may be unable to get a
merchant account or may be forced to pay higher rates.
Merchant PCI Requirements
PCI compliance is no longer an optional or "nice to have" feature for
businesses accepting credit card payments. All merchants must be in
compliance with PCI or risk being subject to hefty fines.
PCI Compliance: Credit Card Extension
Azox Credit Card Extension integrates with multiple gateways, providing
reliable service and a PCI compliant solution for credit card
processing within Microsoft Dynamics GP.