Relationship between PCI DSS and PA-DSS

Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment according to the PA-DSS Implementation Guide provided by the payment application vendor (per PA-DSS Requirement 13.1).

The requirements for the Payment Application Data Security Standard (PA-DSS) are derived from the PCI DSS Requirements and Security Assessment Procedures. The PA-DSS details what a payment application must support to facilitate a customer’s PCI DSS compliance.

Secure payment applications, when implemented in a PCI DSS compliant environment, will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card verification codes and values (CAV2, CID, CVC2, CVV2), and PINs and PIN blocks, along with the damaging fraud resulting from these breaches.




The PCI Data Security Standard's security requirements apply to all systems, networks, environments, and persons that have access to or come into contact with card data or cardholder data. These extensive and cumbersome requirements extend to all merchants and far beyond the scope of simply allowing merchant software to accept electronic payments.

Ease the PCI Burden for your Merchants

PCI DSS & PA-DSS Documentation

View or download the full documentation from the Payment Industry Security Standard Council concerning PCI DSS or PA-DSS.
