Payment Application Data Security Standard (PA-DSS)
PA-DSS is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS.
PA-DSS Security Audit Procedures
pdf | doc
Summary of PABP to PA-DSS Changes
PABP to PA-DSS Transition
pdf | doc
QSA Validation Requirements - PA-QSA
Program Guide
PCI PA-DSS FAQs