PCI PA-DSS Validation

PCI Payment Application Data Security Standard (PCI PA-DSS)

PCI PA-DSS is aimed at companies that develop software which processes card data of the international payment schemes American Express, Discover, JCB, MasterCard and Visa. Web-Shop software, payment solutions or client-management systems are examples of software products that need to be PCI PA-DSS certified. PCI PA-DSS aims to support secure software application development and to protect sensitive data (e.g. credit card data).

PCI PA-DSS certification helps you as a software developer to support your customers in their migration to PCI DSS. Independent evaluation and certification will not only benefit your customers but will also strengthen the trust in your products.

PCI PA-DSS Workshop

SRC supports and consults software developers in their implementation of the PCI Payment Application Data Security Standard requirements, for instance with an introductory Workshop. The Workshop has two main objectives: first of all to provide the service provider with a comprehensive understanding of the PCI PA-DSS requirements and their interpretation, in particular from an auditor’s perspective. Secondly, for SRC to gain a detailed understanding of the software, the software architecture, the development process and the implemented or planned security measures. As part of the Workshop scope, the evaluation methodology as well as the work items will be discussed.

PCI PA-DSS Software Validation

SRC provides software validation on the basis of the PCI PA-DSS requirements. More specific, our evaluation is based on the „Payment Card Industry (PCI) Payment Application Data Security Standard - Requirements and Security Assessment Procedures “ document, which summarises the software requirements with respect to the PCI Data Security Standard. In scope of the validation, SRC will evaluate to what extent the documented requirements have been implemented.

The PCI PA-DSS validation will be performed stepwise:

  • Pre-analysis and evaluation of manufacturer documents
  • Software validation
  • Onsite audit/interviews
  • Drafting and finalising the report

After positive evaluation of the PCI PA-DSS Software Validation results by the PCI SSC, the application software respectively the product will be listed on the “List of validated payment applications”, available on the Internet.

Contact Persons

Thilo W. Pannen
Detlef Kraus

Telephone: +49(0)228 2806-166
Telefax: +49(0)228 2806-199

PCI DSS Newsletter

Since 1 July 2008 we offer the opportunity to subscribe to our free of charge newsletter. If you are interested, please send a mail message to  pci-news[at]src-gmbh.de with subject "subscribe".