White Paper

White Paper: Removing Software Vendors From The Scope Of PA DSS

By Don Schroeder, Chief Technology Officer, Element Payment Services, Inc.

To appreciate the benefits of Element's new Hosted Payments, it's important to first understand the origins of the Payment Application Data Security Standards ("PA DSS"), and to understand how the PA DSS relates to, and is dependent on, the Payment Card Industry Data Security Standards ("PCI DSS").

The requirements for PA DSS are based on, and derived from, PCI DSS. PCI DSS is a comprehensive set of requirements that applies directly to merchants and payments service providers. PCI DSS describes in great detail all of the necessary requirements to ensure a secure environment for accepting cardholder data. This includes any software applications within the environment that store, process, or transmit cardholder data. PCI DSS, however, does not directly apply to the merchants' software vendors. Because the software vendors do not store, process, or transmit cardholder data they are not directly in scope of PCI DSS. Software vendors' applications, however, should facilitate and not prevent their customers/merchants from complying with PCI DSS. This is the origin and catalyst for PA DSS.

access the White Paper!

Get unlimited access to:
Trend and Thought Leadership Articles
Case Studies & White Papers
Extensive Product Database
Members-Only Premium Content
Welcome Back! Please Log In to Continue. X

Enter your credentials below to log in. Not yet a member of VAR Insights? Subscribe today.

Subscribe to VAR Insights X

Please enter your email address and create a password to access the full content, Or log in to your account to continue.

or

Subscribe to VAR Insights

Please tell us more about you so that we can customize our newsletters to your specific interests: