PCI for Payment Applications (PA DSS)

PA DSS stands for Payment Application Data Security Standard. Its goal is to help software vendors develop secure payment applications that do not store prohibited data and that fully comply with PCI DSS. If you are a software vendor and are looking for pragmatic help with meeting the PA DSS requirements, contact us.
As defined by the PCI SSC,
“Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS.”
As a pending Qualified Security Assessor, we are proud to offer the following PA DSS-related services:
Orientation Meeting
During this meeting, GRsee professionals will explain the entire process for satisfying the PCI SSC requirements. In addition, we will determine, along with the customer, the scope of the PA DSS project needed in order to satisfy the PCI SSC requirements. The orientation meeting is given as a service free of charge by GRsee to its customers.
Conducting PA-DSS Audit
GRsee professionals will audit the payment application according to the PA-DSS requirements. The audit results will be used to identify strong and weak points in the payment application, and will focus on the shortest and most efficient path for complying with the PCI SSC requirements.
Identifying Gaps
The audit results will present the gaps between the PA-DSS requirements and the organization’s current status. When needed, we will recommend immediate actions and mitigations to improve the organization’s current status.
Remediation Process
If needed by the customer, GRsee professionals will be glad to work with the customer on an ongoing basis until all vulnerabilities are addressed and the payment application is aligned with all PA DSS requirements.