PA DSS compliance with hosted payments

Element's Hosted Payments eliminates the need for software vendors to spend time and money achieving and maintaining mandatory PA-DSS (PABP) compliance.

Effective April 8, 2008, all software providers whose applications store, process or transmit payment cardholder data must meet PA-DSS requirements in order for their merchants to comply with the mandated Payment Card Industry Data Security Standard (PCI DSS).

How do you know if your application is in scope for PA-DSS?

If cardholder data is entered directly into your application (this could be as simple as a text box input), then your application is collecting cardholder data. It is therefore also considered a payment application and is in scope for PA-DSS.

As of October 1, 2008, acquiring financial institutions cannot approve for processing any merchants that are using non-compliant software. Software providers who are not compliant risk losing customers and damaging their brand.

All software providers in-scope for PA-DSS must prove compliance by having their applications validated through an annual security audit performed by a PA-DSS (PABP) Qualified Security Assessor (QSA).

Since PA-DSS certification can be both time-consuming and expensive, Element offers an alternative to PA-DSS compliance: Hosted Payments.

Hosted Payments allows software providers to remain out of scope for PA-DSS (PABP), and avoid the significant cost and effort of achieving validation. With Hosted Payments, your application is responsible for collecting all of the non‐sensitive data needed to perform a payment transaction. Element then handles all of the sensitive cardholder data—leaving your application free of information susceptible to data thieves.

By shifting the responsibility of handling sensitive cardholder data to Element, Hosted Payments removes your software application from the scope of PA-DSS compliance.

Software vendors not only avoid the hassle and cost of achieving compliance, but because Hosted Payments is integrated with the PCI compliant Express Processing Platform, software providers are able to offer their customers the highest level of protection from cardholder data compromises. In addition, with Element's real-time reporting capabilities, you and the merchants you serve enjoy the same benefits of a fully integrated payment solution.

Options for All Application Types

Element offers Hosted Payments for both distributed and Web-based software applications. Both solutions seamlessly integrate with all types of business management software applications.

To learn more about PA-DSS compliance, view our PA-DSS / PCI Compliance FAQ for Software Providers or view the Hosted Payments White Paper for more information about this innovative solution.

Key Benefits

  • Eliminate the need for PA-DSS (PABP) compliance.
  • Reduce risk associated with storing sensitive cardholder data.
  • Leverage our PCI DSS compliant Express Processing Platform.
  • Provide your customers the highest level of data protection.
  • Benefit from real-time reporting.
Element Payment Services Inc. is a registered ISO/MSP with First National Bank of Omaha. © 2009 Element Payment Services, Inc.
Website updated on: 7/4/2009