If you develop payment application software, you must ensure that it is secure and compliant with PA DSS. Read on to learn more about the payment application security standard.
What You Need to Know About PA DSS
The Payment Application Data Security Standard (PA DSS) is a global security standard that sits alongside PCI DSS and applies to the development of payment application software. If you are a software vendor that makes and sells payment applications, you must comply with PA DSS, which covers the security of all of your software components. Compliance is essential: if you do not comply, you could receive massive fines.
Important Requirements for PA DSS Compliance
The PA DSS requirements apply to the storing, processing and transmitting of cardholder data and sensitive authentication data. There are 14 requirements that every organization that handles credit card information must follow:
- Do not retain full track data, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data.
- Protect stored cardholder data.
- Provide secure authentication features.
- Log payment application activity.
- Develop secure payment applications.
- Protect wireless transmissions.
- Test payment applications to address vulnerabilities and maintain payment application updates.
- Facilitate secure network implementation.
- Cardholder data must never be stored on a server connected to the internet.
- Facilitate secure remote access to payment applications.
- Encrypt sensitive traffic over public networks.
- Secure all non-console administrative access.
- Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators.
- Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators.
The Steps to Achieve PA DSS Compliance
There are five simple steps to comply with PA DSS:
- Comply with Requirement 5, which outlines the process for how to develop secure payment applications.
- Apply coding standards, such as OWASP, CWE, and CERT.
- Train developers in secure coding.
- Use a SAST tool to enforce PA DSS requirements automatically.
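As an added illustration of Requirements 1 and 2 above and of the secure-coding step in this list, the following Python log sanitizer is example code written for this summary; it is not code from the PCI SSC, Perforce, or any payment application. It strips magnetic-stripe track data and card verification values from a record before it is written anywhere and masks any Luhn-valid primary account number (PAN) down to its first six and last four digits. The regular expressions, field names, and the sample record are constructed assumptions for the example.

```python
import re
from typing import Callable, List, Tuple

# Constructed patterns (example only). Track 1 data looks like
# "%B<PAN>^<NAME>^<YYMM>...?" and Track 2 like ";<PAN>=<YYMM>...?".
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}[^?]*\?")
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}[^?]*\?")
# Card verification codes named as in Requirement 1 (CAV2, CID, CVC2, CVV2),
# written as "name=123" or "name: 1234" in a log record.
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cav2|cid)\s*[:=]\s*\d{3,4}\b", re.IGNORECASE)
# Candidate PANs are 13 to 19 digit runs; the Luhn check weeds out order ids.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the maximum PCI permits to display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def sanitize(record: str) -> Tuple[str, List[str]]:
    """Return (cleaned record, list of data classes found).

    Track data and verification values are removed outright because
    Requirement 1 forbids retaining them at all; PANs are masked because
    Requirement 2 still allows a truncated form to be stored or shown.
    """
    findings: List[str] = []

    if TRACK1_RE.search(record) or TRACK2_RE.search(record):
        findings.append("track data")
        record = TRACK1_RE.sub("[TRACK DATA REMOVED]", record)
        record = TRACK2_RE.sub("[TRACK DATA REMOVED]", record)

    if CVV_RE.search(record):
        findings.append("card verification value")
        record = CVV_RE.sub(lambda m: m.group(1) + "=[REMOVED]", record)

    def _mask(m: re.Match) -> str:
        candidate = m.group(0)
        if luhn_valid(candidate):
            findings.append("PAN")
            return mask_pan(candidate)
        return candidate          # not a card number, leave untouched

    record = PAN_RE.sub(_mask, record)
    return record, findings


def write_log(record: str, sink: Callable[[str], None] = print) -> List[str]:
    """Sanitize, then hand the cleaned line to the sink; report what was caught."""
    cleaned, findings = sanitize(record)
    sink(cleaned)
    return findings


if __name__ == "__main__":
    # Constructed sample record: a test PAN, a verification value,
    # and an order id that happens to be 16 digits long.
    sample = "card=4111111111111111 cvv2=123 order=1234567890123456"
    print(write_log(sample))
```

The sanitizer is meant to sit in front of every log or persistence call in the payment path, which is also the kind of chokepoint a SAST rule can check for: flag any write that does not route through it.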
To read more, please visit: https://www.perforce.com/blog/kw/what-is-pa-dss