PA-DSS

PA-DSS is the standard of security of payment applications (Payment Application Data Security Standard) based on requirements of Visa Inc. Payment Application Best Practices (PABP) and directed to support of fulfillment of requirements of the PCI DSS standard. PA DSS is developed and accepted in 2008 by Council for security of the industry of payment cards (PCI SSC). According to requirements of VISA and MasterCard payment systems all applications participating in transaction processing of authorization or carrying out calculations for plastic cards (authorization or clearing/settlement) should be certified according to the PA-DSS standard.

2019: SPoC Standard will succeed PA DSS Impact

On May 30, 2019 it became known that support of the PA DSS Impact standard will end by 2022 then Council for standards of security of the industry of the PCI SSC payment cards will suggest clients to use SPoC Standard.

It was declared by the director of the European department of Council for standards of security of the industry of the PCI SSC payment cards Jeremy King.

According to him, it is a method which will allow to accept payments according to maps via phone with function of reading cards. The application will have the safe interface. The PIN code will be ciphered, pass in the offered standard in a system, and only after that to go to the systems of bank. According to D. King, it is a fast and easy way of expansion of availability of such payments.

Besides, the expert announced carrying out updating of the standard of security of PIN. The special program of assessment of PIN in which the expert-appraiser will analyze security status of the code will be provided in the standard.

As D. King noted, modern criminals theft of data try to monetize them. As a result,  security of payments is a universal call.

For effective counteraction to changes in fraudulent technicians, 6 of 14 standards existing for May, 2019 on all cycle of passing of payment will be updated until the end of 2019, D. King noted.

Among them – the fundamental standard of protection of payments PCI DAAT Security Standard. It is expected that in October the company will receive a request for a feedback from experts in updating of this standard.

One more change is expected for the standard of assessment of the software Secure Software. For this purpose to developers as the expert told, the full stroke of operation and validation of software then by the end of 2019 the program will be presented is necessary^[1].

2016: PA-DSS 3.2

Council for standards of security of the industry of payment cards (PCI SSC) published in the spring of 2016 version 3.2 of the standard of data security for the payment software of PA-DSS. The standard of data security for software applications is used by developers to provide protection against data theft when using their software products. TSP and other organizations in the world use the software checked for compliance to the PA-DSS standard (PA-DSS Validated) that guarantees them a possibility of safe payment acceptance as in physical shops, and via the Internet. Use of such software also helps the companies with their work on data security provision of payment cards in their systems and networks, according to requirements of more complete standard of PCI DSS.

PA-DSS of version 3.2 will be approved with recent release of PCI DSS of version 3.2; both of these standards are directed to protection of payment customer information against the growing threat. Updates of standards are developed on the basis of the comments received from more than 700 participating organizations of Council of PCI from different regions of the world, outputs of the report on date leak cases and also taking into account changes in the field of payment acceptance.

To important changes in PA-DSS of version 3.2 explanations belong to the existing requirements and updating of requirements for reduction in compliance with PCI DSS v3.2. Also detailed instructions to products of the supplier ("The guide to implementation of PA-DSS") which explain how it is correct to configure payment applications are updated, having provided their compliance with PCI DSS. It concerns procedures of safe installation of corrections and updates of programs and also instructions for data protection about holders of cards when using magazines of debugging for troubleshooting as they (magazines of debugging) can be used by swindlers in a row a case of a compromise of data.

See Also:

• PCI DSS - Payment Card Industry Data Security Standard - An information protection standard in the field of payment cards
• Projects of external audit of IT and security (in tch PCI DSS and SUIB)

Notes