When people think of payment card industry compliance, they naturally think of PCI DSS compliance. And to be fair, the vast majority of organizations undergoing PCI DSS compliance are merchants and service providers who have to either conduct their own self assessment or go through an on-site assessment with a Qualified Security Assessor (QSA).
But here’s what else you need to know about payment card industry compliance and how it could affect you.
Payment Application Data Security Standard (PA-DSS)
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS.
Pin Entry Devices (PED)
To gain approval by PCI Security Standards Council, PIN entry devices must comply with the requirements and guidelines specified by a number of documents listed on the PCI SSC website.
In summary, these are two additional compliance initiatives outside of the traditional PCI DSS assessments that many people are not familiar with. I’ll be covering these in a much more in-depth manner in subsequent blogs.