The Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2, or PIN data. In the process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS).
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 14 protections:
1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the internet.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access.
14. Maintain instructional documentation and training programs for customers, resellers, and integrators.
The most recent version of PA-DSS is 3.0.
What is the difference between PCI DSS and PA-DSS?
Short answer: Every organization that handles credit cards needs to comply with PCI DSS, but only vendors that make and sell payment applications need to meet PA-DSS requirements.
NFC (Near Field Communications) is a secure, very short-range wireless communication technology that lets two NFC-enabled devices (your smartphone and/or EMV card and NFC-capable payment processing hardware) exchange information.
As such, NFC allows for e-purse payments (e.g., Apple Pay and Google Wallet) on an EMV-capable payment processing device.
EMV (Europay, MasterCard, Visa)
EMV is a global standard, intended to further enhance the security of authenticating credit and debit card transactions, for the interoperability of EMV-compliant integrated circuit cards (IC cards or "chip cards") and EMV-compliant credit cards. Compared to magnetic stripe card transactions, which rely on the holder's signature and visual inspection of the card to check for features such as a hologram, EMV chip card transactions improve security against fraud.
EMV also allows for e-purse payments (e.g., Apple Pay and Google Wallet) via NFC (Near Field Communications), a secure, very short-range wireless communication technology that lets two NFC-enabled devices (your smartphone and/or EMV card and NFC-capable payment processing hardware) exchange information.
EMV Card Distribution
By the end of 2015, 70% of all U.S. credit cards (and 41% of all U.S. debit cards) will be EMV-enabled.
What This Means for the Business Owner
The increased protection from fraud has allowed banks and credit card issuers to push through a 'liability shift' such that merchants will be held liable (beginning October 1, 2015) for any fraud that results from transactions on systems that are not EMV capable.
What You Need to Do...and When
To protect your most valuable asset—your business—from the liability for card payment fraud, you MUST work with your POS provider to upgrade your non-EMV compliant payment processing equipment. Your POS provider will also discuss compliance with PCI DSS 3.0, the new standards for payment processing.
And the time to upgrade is NOW. Here’s why:
1. You can begin accepting mobile wallet payments immediately and position yourself now for EMV card acceptance
2. You can avoid a likely EMV terminal shortage as 10/1/15 draws closer
3. You will be demonstrating to your customers that cardholder data security is a top priority
The Bottom Line
The October Revolution is coming. Don’t put off until then (or later) what you need to do TODAY. The solution, getting EMV-capable payment processing equipment for your business, is simple. And with it comes enhanced security and a world of future payment possibilities!