Scope of PA-DSS

The Payment Application Data Security Standard ("PA-DSS") applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties.

PA-DSS applies to payment applications that are typically sold and installed “off the shelf” without much customization by software vendors or resellers.

PA-DSS applies to payment applications provided in modules, which typically include a “baseline” module and other modules specific to customer types or functions, or customized per customer request. PA-DSS may only apply to the baseline module if that module is the only one performing payment functions (once confirmed by a PA QSA). If other modules also perform payment functions, PA-DSS applies to those modules as well. Note that it is considered “best practice” for software vendors to isolate payment functions into a single or small number of baseline modules, reserving other modules for non-payment functions. This best practice, though not a requirement, can limit the number of modules subject to PA-DSS and therefore reduce the scope of the PA-DSS assessment.

Steps to Compliance

PA-DSS Made Easy

The simplest method of PA-DSS compliance is to remove your software from the PA-DSS scope of assessment. This costly burden could be removed altogether, depending on the level of integration with our Paygistix Payment Gateway. We offer simple all-in-one integration as well as the ability to customize to your specifications.

See the Paygistix Solution

PCI DSS & PA-DSS Documentation

View or download the full documentation from the Payment Industry Security Standard Council concerning PCI DSS or PA-DSS.

Access Document Library