PCI-PA-DSS Resources
Details ... deadlines ... data security standards ... The Payment Card Industry can make life difficult for even the most compliance-conscious campus. Relax. TouchNet has the resources needed to restore order and sanity in the realm of payment data security.
What is PA-DSS?
Payment Application Data Security Standard (PA-DSS) is the certification that all vendor applications which accept, process, or store payment card information must meet. Unlike the PCI DSS, this is a standard for software developers. As a merchant, you are required to use PA-DSS certified applications for all of your vendor solutions which take payment. All applications that touch sensitive card data must be certified by July 1, 2010, or earlier based on the schedule below, or your campus will risk losing card acceptance privileges.
Here is a link to the actual PA-DSS security standard: www.pcisecuritystandards.org/security_standards/pa_dss.shtml
PCI-PA-DSS Solution Kit
Important Dates
| Phase | Compliance Mandate | Effective Date |
|---|---|---|
| 1 | Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications. | 1/1/08 |
| 2 | VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant. | 7/1/08 |
| 3 | Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications. | 10/1/08 |
| 4 | VNPs and agents must decertify all vulnerable payment applications. | 10/1/09 |
| 5 | Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications. | 7/1/10 |
Source: http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
What is PCI DSS?
Payment Card Industry Data Security Standards (PCI DSS) is a detailed set of security requirements that applies to all merchants with regard to payment card acceptance. If you take credit card payments anywhere in your institution, you are a merchant. All merchants are required to be compliant with PCI DSS.
Here is a link to the PCI DSS standards, which ALL merchants must comply with: https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf
Are Your Vendors Certified?
Think of all of the applications that accept credit card payments for your institution. Every place a credit card number is entered, processed, or stored is considered a payment application and must be PA-DSS compliant. TouchNet is fully certified for compliance with both PA-DSS and PCI DSS. If you have payment applications provided by other third-party vendors, here is the link to the official website to see if they are compliant.
A complete Validated Payment Applications list can be found here on the PCI Council's website: https://www.pcisecuritystandards.org/security_standards/vpa/
Who's in Charge of the PCI DSS and the PA-DSS?
The PCI Security Standards Council is in charge of maintaining both sets of standards. The Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the Data Security Standard.
Here is a link to the https://www.pcisecuritystandards.org

