PA-DSS Compliance | PA QSA | PA-DSS Certification

The Payment Application Data Security Standard (PA-DSS) is a set of security requirements for payment applications created by the Payment Card Industry Security Standards Council (PCI SSC). A PA-DSS compliance audit aims to secure credit and debit cardholders’ sensitive authentication data, such as PIN, magnetic stripe data, CVV data, etc., as it is stored, processed or transmitted by payment applications.

PA-DSS Compliance and PCI Compliance:

The PA-DSS standard consists of 13 requirements, which are derived from the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Security Assessment Procedures. Although it is related to PCI DSS compliance, compliance with PA-DSS does not imply PCI compliance. A PA-DSS compliant application would have to be implemented in a PCI compliant environment in order to achieve PCI compliance status.

PA-DSS Applicability:

PA-DSS Compliance applies to “off the shelf” payment applications that are sold without any customization.

PA-DSS Compliance does not apply to payment applications that are developed for and sold to only one customer. Such applications, known as “bespoke” applications, are included under the customer’s PCI DSS review.

PA-DSS Compliance does not apply to payment applications developed and used purely in-house by merchants and service providers. These, again, will be included within their PCI DSS review.

PA-DSS Compliance with SISA:

SISA’s PA-DSS compliance services include the following:



SISA is a PCI Approved Scanning Vendor (PCI ASV). Our Technical Security Services team renders a plethora of services within the areas of Vulnerability Assessment and Penetration Testing. Our services incorporate simple, fast and cost-effective solutions that accelerate your PCI compliance, and include round-the-clock monitoring of your technology infrastructure for vulnerabilities and scheduled quarterly VA scans.

SISA’s Penetration Testing exercises use state-of-the-art tools to attempt to break into your network from a hacker’s perspective. Our methods simulate the most advanced hacking techniques out there today.

Our VA-PT clients include ecommerce vendors with Internet payment applications, banks, IT and ITES providers, etc.