PA-DSS Validated
As part of the requirements set forth by the PCI Security Standards Council, Retail Anywhere has certified its Point of Sale solutions as PCI PA-DSS (Payment Application Data Security Standard) validated. Validation was achieved with PA-DSS Version 1.2 and conducted by Coalfire, a Payment Application Qualified Security Assessor (PAQSA) authorized by the PCI Security Standards Council. Retail Anywhere’s validated PA-DSS software versions are PC/Register v5.4 and Retail Anywhere POS v7.0.

PCI Security Standards Council Reference Documents:
The following documents provide additional detail surrounding the PCI SSC and related security programs (PA-DSS, PCI DSS, etc.):
- Payment Applications Data Security Standard (PA-DSS)
  https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml
- Payment Card Industry Data Security Standard (PCI DSS)
  https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
- Open Web Application Security Project (OWASP)
  http://www.owasp.org

Difference between PCI Compliance and PA-DSS Validation
As a software vendor, our responsibility is to be “PA-DSS Validated.”
We have performed an assessment and certification compliance review with our independent assessment firm to ensure that our platform conforms to industry best practices when handling, managing and storing payment-related information.
PA-DSS is the standard against which the Payment Application has been tested, assessed, and validated.
PCI Compliance is obtained later by the merchant, and is an assessment of your actual server (or hosting) environment.
Obtaining “PCI Compliance” is the responsibility of the merchant and your hosting provider, working together, using PCI-compliant server architecture with proper hardware & software configurations and access control procedures.
The PA-DSS Validation is intended to ensure that the Payment Application will help you achieve and maintain PCI Compliance with respect to how the Payment Application handles user accounts, passwords, encryption, and other payment-data-related information.
The Payment Card Industry (PCI) has developed security standards for handling cardholder information in a published standard called the PCI Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data.
The PCI DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed or transmitted.

