MasterCard Webinar Get Smart on PA-DSS Today
VeriFone talks compliance on MasterCard webinar series
The PCI Security Standards Council (PCI-SSC) has officially announced a significant enhancement to US payment security that has far-reaching operational consequences for any company involved in the development, testing, deployment or certification of payment transaction systems. The new mandate requires that all "payment applications" (including those deployed in terminals to Level 3 and 4 merchants) must now be certified under the new PA-DSS (Payment Application – Data Security Standard) on a continuous basis using approved Payment Application - Qualified Security Assessor (PA-QSA) laboratories. PA-QSAs are third-party security auditors that are certified by the PCI-SSC to consistently and positively verify that all payment applications meet new security standards.
In response, VeriFone has begun submitting new applications to the proper auditing firms to ensure compliance with the security mandate, and has just announced an aggressive program to achieve formal PA-DSS certification of the ubiquitous SoftPay application, which instantly provides an unprecedented path to compliance for more than 2 million payment devices in the United States and Canada.
Software
VeriFone is continually innovating to maintain the highest standards with a wide range of global PCI-accepted payment software solutions. The PCI Security Standards Council is transferring payment applications validated according to PABP version 1.4 to the List of PA-DSS Validated Applications for 24 months, before a PA-DSS review will be required.
Important Legal Information about PA-DSS
Legal Terms and Conditions
Acceptance of a given payment application by the PCI Security Standards Council, LLC (PCI SSC) only applies to the specific version of that payment application that was reviewed by a PA-QSA and subsequently accepted by PCI SSC (the “Accepted Version”). If any aspect of a payment application or version thereof is different from that which was reviewed by the PA-QSA and accepted by PCI SSC – even if the different payment application or version (the “Alternate Version”) conforms to the basic product description of the Accepted Version – then the Alternate Version should not be considered accepted by PCI SSC, nor promoted as accepted by PCI SSC.
No vendor or other third party may refer to a payment application as “PCI Approved” or “PCI SSC Approved”, and no vendor or other third party may otherwise state or imply that PCI SSC has, in whole or part, accepted or approved any aspect of a vendor or its services or payment applications, except to the extent and subject to the terms and restrictions expressly set forth in a written agreement with PCI SSC, or in a PA-DSS letter of acceptance provided by PCI SSC. All other references to PCI SSC’s approval or acceptance of a payment application or version thereof are strictly and actively prohibited by PCI SSC.
When granted, PCI SSC acceptance is provided to ensure certain security and operational characteristics important to the achievement of PCI SSC’s goals, but such acceptance does not under any circumstances include or imply any endorsement or warranty regarding the payment application vendor or the functionality, quality, or performance of the payment application or any other product or service. PCI SSC does not warrant any products or services provided by third parties. PCI SSC acceptance does not, under any circumstances, include or imply any product warranties from PCI SSC, including, without limitation, any implied warranties of merchantability, fitness for purpose or non-infringement, all of which are expressly disclaimed by PCI SSC. All rights and remedies regarding products and services that have received acceptance from PCI SSC, shall be provided by the party providing such products or services, and not by PCI SSC or any payment brands.
IMPORTANT INFORMATION
“Security is a never‐ending race against potential attackers. As a result, it is necessary to regularly review, update and improve the security requirements used to evaluate payment applications. As such, PCI SSC will endeavor to update payment application security requirements every 24 months.” Source: PCI PA-DSS Program Guide v. 1.1
“The goal of PA‐DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA‐DSS requirements.” Source: PCI SSC Web Site