Element's Hosted Payments eliminates the need for software vendors to spend time and expense achieving and maintaining mandatory PA-DSS compliance and Visa's PABP.

Effective April 8, 2008, all software providers whose applications store, process or transmit payment cardholder data must meet the Payment Application Data Security Standards (PA-DSS) in order for their merchants to comply with the mandated PCI DSS requirements.

How do you know if your application is in scope for PA-DSS?

If in your application cardholder data is directly entered then cardholder data is being collected and your software application is considered a payment application and is in scope for PA-DSS. This could be as simple as a text box input.

As of October 1, 2008, acquiring financial institutions cannot approve merchants for processing that are using non-compliant software. Software providers who are not PA-DSS compliant risk losing customers and damaging their brand. All software providers in-scope for PA-DSS must prove compliance by having their applications validated through an annual security audit performed by a PA-DSS Qualified Security Assessor (QSA).

Since PA-DSS certification can be both time consuming and expensive Element offers an alternative to PA-DSS compliance called Hosted Payments. Hosted Payments allows software providers to remain out of scope for PA-DSS (PABP) and avoid the significant cost and effort of achieving validation. With Hosted Payments, your application is responsible for collecting all of the non-sensitive data needed to perform a payment transaction. Element then handles all of the sensitive cardholder data—leaving your application free of information susceptible to data thieves.

By shifting the responsibility of handling sensitive cardholder data to Element, Hosted Payments removes your software application from the scope of PA-DSS compliance.

Software vendors not only avoid the hassle and cost of achieving compliance. Because Hosted Payments is integrated with the PCI compliant Express Processing Platform, software providers are also able to offer their customers the highest level of protection from cardholder data compromises. In addition, with Element's real-time reporting capabilities, you and the merchants you serve enjoy the same benefits of a fully integrated payment solution.

Options for All Application Types

Element offers Hosted Payments for both distributed and web-based software applications. Both solutions seamlessly integrate with all types of business management software applications.

To learn more about PA-DSS compliance, view our PCI Compliance Guide for Software Providers or view the Hosted Payments White Paper for more information about this innovative solution.