Hosted Payments - Removing Software Vendors from the scope of PA DSS
To appreciate the benefits of Element’s new Hosted Payments, it’s important to first understand the origins of the Payment Application Data Security Standards (“PA DSS”), and to understand how the PA DSS relates to, and is dependent on, the Payment Card Industry Data Security Standards (“PCI DSS”). The requirements for PA DSS are based on, and derived from, PCI DSS.

PCI DSS is a comprehensive set of requirements that applies directly to merchants and payments service providers. It describes in great detail all of the requirements necessary to ensure a secure environment for accepting cardholder data. This includes any software applications within the environment that store, process, or transmit cardholder data. PCI DSS, however, does not directly apply to the merchants’ software vendors. Because the software vendors do not store, process, or transmit cardholder data, they are not directly in scope of PCI DSS. Software vendors’ applications, however, should facilitate and not prevent their customers/merchants from complying with PCI DSS. This is the origin and catalyst for PA DSS.

PA DSS applies directly to any software vendor’s application sold, distributed, or licensed to third parties that stores, processes, or transmits cardholder data. The benefit of Element’s Hosted Payments is that it provides software vendors with the ability to deliver fully integrated payment solutions without the need to store, process, or transmit cardholder data, thus removing them from the scope and difficulty of PA DSS compliance.

Purpose

The purpose of this document is to describe how Element Payment Services, Inc.’s new Hosted Payments services can remove software vendors from the scope of the PA DSS and eliminate the untold time and expense which will be required to achieve and maintain PA DSS compliance. With Hosted Payments, software vendors can also remove a significant financial risk related to providing applications that include integrated payment solutions.

The expected audience is software vendors and others who develop applications that store, process, or transmit cardholder data.