PA-DSS is the Payment Card Industry Security Standards Council managed program for payment applications. For purposes of PA-DSS, a payment application is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties. The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI Data Security Standard. PSC is certified as a Payment Applications Qualified Security Assessor company (PA-QSA) for the PCI Security Standards Council to perform PA-DSS assessments on payment applications.
PSC also offers assessment services to validate whether an application is applicable for PA-DSS compliance or not. If the application is not acceptable, PSC can prepare an attestation letter that a software developer may provide to their customers, stating their application does not store, process or transmit cardholder data and is not applicable for PA-DSS compliance.