GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

What will be in merchants' stockings this year - caviar or coal?


Industry Update

Farewell PABP, hello PA DSS

Visa, AmEx settlement no biggie for merchants

More public steps for bankcard heavyweights

Optimal socked by Internet gambling regs

Go international in real-time

It sings, it instructs, it's a gift card

Mobile checkout moving up


Data breaches pique interest

Travis K. Kircher

Growing on the 'Inside'


Art imitates life or does life imitate art?

Patti Murphy
The Takoma Group

Stay ahead with a checklist

Biff Matthews
CardWare International


Street SmartsSM:
We're all in the PCI loop, like it or not

Dee Karawadra
Impact PaySystem

What to watch in the coming months

Rob Drozdowski
Electronic Transactions Association

Using e-mail effectively: Copy and design

Nancy Drexler
Marketing Moguls

Security breaches costly to all

David Mertz
Compliance Security Partners LLC

Turning negatives into positives

Steve Schwimmer
Renaissance Merchant Services

Opportunity knocks at your online door

Curt Hensley
CSH Consulting Inc.

Liability limbo: Where will you land?

Adam Atlas
Attorney at Law

Company Profile

FirstView Financial LLC


New Products

A cherry of a keyboard

Cherry LPOS Qwerty Keyboard
Cherry Corp.

Sign on the dotted line - online

ContractPal Inc.


Holiday survival guide





Resource Guide


A Bigger Thing

The Green Sheet Online Edition

November 26, 2007  •  Issue 07:11:02

previous next

Farewell PABP, hello PA DSS

The Payment Card Industry (PCI) Security Standards Council, which manages the PCI Data Security Standard (DSS) and the PCI PIN Entry Device Security Requirements, just took another step forward in ensuring protection of cardholder account information.

The council adopted the Payment Application Data Security Standard (PA DSS), based on Visa Inc.'s Payment Application Best Practices (PABP).

This new standard will give the council the ability to establish and promote criteria for secure applications in all payment card transactions.

Secure payment applications help promote merchant PCI DSS compliance. When implemented in a PCI DSS-compliant environment, PA DSS validated applications will minimize the potential for security breaches that lead to compromises of magnetic stripe data, card validation codes and values, PINs, and PIN blocks.

The PA DSS applies to all payment application providers, but individual payment brands will determine whether the standards will be mandatory.

"With the PA DSS managed by the council, we will ensure that payment application providers and their products are subject to data security requirements consistent with the current PCI Security Standards Council," said Bob Russo, General Manager of the council.

"As criminals become more sophisticated and payment application vulnerabilities are realized by our membership, we must ensure that all components of the payments process are subject to rigorous standards that are supported by all of the global payment card brands with a single goal in mind: to protect cardholder data and combat fraud," he said.

Reinforcing data security

The PCI council's assumption of responsibility for the PA DSS brings certain benefits:

A final version of the PA DSS will be published in the first quarter of 2008. Thereafter, the PCI council will certify PA DSS specific QSAs to validate the payment applications.

A list of frequently asked questions about the PA DSS is available at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios