Payment Application Best Practices (PABP) was formalized on April 15, 2008 by the PCI SSC as the Payment Application Data Security Standard (PA-DSS), and thus became a fully enforceable standard with which software developers must comply.
Software developers can choose to become compliant by hiring a Payment Application Qualified Security Assessor (PA-QSA). With an initial cost of tens of thousands of dollars plus regular audits, applications and potential remediation, this option is often too expensive and burdensome for most software developers.
Ideally, software developers should limit their compliance burden by reducing or eliminating the scope of compliance. By reducing or eliminating the number of PA-DSS requirements that apply to their application, software developers can reduce their development cost while providing payment options to their end-users that help these merchants stay compliant with PCI DSS.
Software developers that choose not to meet these standards expose themselves to financial liability for the merchants that use their software and, ultimately, to financial ruin. Software sales to merchants will eventually decline or even disappear, as merchants will refuse to accept the burden of financial liability that non-compliant software brings with it.