What is PCI & PA DSS?

• Home
• SIP Solutions
• Why SIP?
• What is SIP?
• What is PCI & PA DSS?
• Get Started
• Contact
• Company

What is PCI DSS and PA DSS?

PCI DSS

The Payment Card Industry Data Security Standard, or PCI DSS for short, is a set of requirements that all businesses—regardless of size—must adhere to in order to accept payment cards. The purpose is to ensure the security of cardholder data and to help prevent credit card fraud, hacking, and other security issues.

It is enforced by the major credit card companies that make up the Payment Card Industry Security Council —American Express, Discover, JCB, MasterCard and Visa.  Snap-In Payment's partners reside on the board of the PCI Security Standards Council helping us create the most cost-effective
and secure payment processing available!

PA-DSS and PABP

Several years ago, Visa developed the Payment Application Best Practices (PABP). The purpose of the program was to guide software vendors in creating secure applications. Another goal was to support merchants' overall compliance with PCI DSS.

Since its inception, however, there has been no widespread adoption of PABP. Without mandates or penalties, software vendors lacked a viable business case to justify the inordinate time and expense required to achieve compliance with PABP. All that changed on April 15, 2008, when the PCI Security Standards Council published the Payment Application Data Security Standard, PA-DSS. In doing so, Visa's PABP was effectively transitioned into an enforceable security standard.

PA-DSS applies to software developers and integrators of applications that store, process or transmit payment cardholder data as part of authorization or settlement. It also applies to these applications that are sold, distributed or licensed to third parties.

PA-DSS and PCI DSS At-A-Glance

• What They Are: Security standards developed by the payment card industry.
• What They Do: Help merchants and software providers proactively protect cardholder data.
• Who They Apply To: Any company or organization that handles cardholder data.
• What They Require: Specific technical steps to protect cardholder data.
• Penalties for Non-Compliance: Range from fines to loss of card-processing and sales privileges.