Critical issues to understand about PA DSS

PCI compliance and PA DSS certification bring two different measures to the table, both of which are important for companies to understand, according to veteran PCI-QSA and PA-QSA Charles Denyer of the NDB Advisory. He said there are critical issues that need to be looked at by any business needing certification.

"Though PA DSS does technically derive itself from the PCI DSS standard, becoming PA DSS compliant does not make an organization PCI DSS compliant," Denyer said. "Furthermore, a PA DSS compliant application should strive at all times to be used ONLY in an environment that is PCI DSS compliant."

Other things to remember, according to Denyer, include determining whether the application is in the scope of PA DSS, learning about the policies, and figuring out the requirements for testing and implementing the appliances.

PA DSS is a set of security guidelines and requirements issued by the Payment Card Industry Security Standards Council that governs how applications must handle the capture, storage, transmission and processing of cardholder data. PCI compliance applies to all companies that process, store or transmit credit cards, with the aim of keeping payments safe.