All software providers whose applications store, process, or transmit payment cardholder data must meet the Payment Application Data Security Standards (PA-DSS) in order for their merchants to comply with the mandated PCI DSS requirements.
If cardholder data is directly entered into your software application, it is considered to be a payment application and falls in scope for PA-DSS (PABP). In practice, this could be as simple as a text box input: the application is still in scope.
As of October 1, 2008, acquiring financial institutions cannot approve merchants for processing that are using non-compliant software. As a result, software providers who are not PA-DSS (PABP) compliant risk losing customers and damaging their brand. All software providers (that are in scope for PA-DSS) must prove compliance by having their applications validated through an annual security audit. A PA-DSS Qualified Security Assessor (QSA) must perform this audit.
Since PA-DSS certification can be both time consuming and expensive, Element offers an alternative to PA-DSS (PABP) compliance called Hosted Payments. Hosted Payments allows software providers to remain out of scope for PA-DSS (PABP) and avoid the significant cost and effort of achieving validation. With Hosted Payments, your application is responsible for collecting all of the non-sensitive data needed to perform a payment transaction. Element then handles all of the sensitive cardholder data—leaving your application free of information susceptible to data thieves. In this way, the responsibility of handling sensitive data is shifted to Element.
Avoiding the hassle and cost of achieving PA-DSS compliance is just one benefit. Protection from cardholder data compromises is another. Because Hosted Payments is integrated with the PCI DSS compliant Express Processing Platform, software providers are able to offer their customers the highest level of protection. Since Hosted Payments allows your application to be fully integrated to the Express Processing Platform, your customers enjoy the same benefits without the risk associated with storing, transmitting or processing cardholder data.
Options for All Application Types
Element offers Hosted Payment interfaces for both distributed and web-based software applications. Each interface integrates seamlessly with all types of business management software applications.
To learn more about PA-DSS compliance, view our PCI Compliance Guide for Software Providers. You can also view the Hosted Payments White Paper for more information about this innovative solution.