+91 9324813180
+1 4847906355
+63 9208320598
+44 1519470017
+84 908370948
+7 9639173485
+62 81808037776
+90 5441016383
+66 993367171
+254 725235855
+256 707194495
+46 700548490FAQ's
PCI Software Security Standard Certification
PCI SSS is the revised version for the previous PA DSS standard The new standard is coupled with PCI SLC to form PCI SSF altogether.
How do the \"objective-based\" requirements in the Software Security Framework differ from those in the PA-DSS?
The procedures and security controls that must be\r\nused to achieve a specific security target are specified by PA-DSS regulations.\r\nThe SSF is in favour of the Customized Approach in PCI DSS version 4.0 and the\r\nPCI 3-D Secure (3DS) security standards, which describe security criteria as\r\nsecurity objectives and allow for more flexibility in how requirements are\r\naccomplished.
This method, known as \"goal-based,\" acknowledges that\r\nthere are frequently numerous approaches to achieve a specific security aim.
To Whom Does The Secure Software Standard Apply?
The Secure Software Standard is intended for payment software/applications that are sold, distributed, or licensed to third parties. This includes payment software intended to be installed on customer systems as well as payment software deployed to customers ”as a service” over the Internet.
What Are The Exceptions To Secure Software Standard ?
The exceptions to Secure Software Standard, include the applications developed in-house for the sole use of the company that developed the software. Also, the softwares that are developed and sold to a single customer for the sole use of that customer fall in the exception.
When Must Payment Software Be Revalidated?
What Is The Relationship Between The PCI Software Security Framework And PA-DSS?
Does Validation Or Qualification Under The PCI Software Security Framework Result In Validation To Any Other PCI Standards?
A Validation or qualification under the PCI Software Security Framework does not imply or result in validation to any other PCI standard. However, elements of other PCI standards and programs may be incorporated under the PCI Software Security Framework at some point in the future. If and when that will occur will be communicated well in advance of any transition from an existing or future standard or program to the PCI Software Security Framework.
Can Merchants Continue To Use PA-DSS Validated Applications After October 2022?
A PA-DSS validated applications are moved to the “Acceptable Only for Pre-Existing Deployment” when the validation expires. For applications validated to PA-DSS version 3.2 this will occur at the end of October 2022 and the PA-DSS program will close. See FAQ 1195 for further information about applications listed as “Acceptable Only for Pre-Existing Deployment”
Does PCI SSC Provide A List Of Payment Software That Is Validated To The PCI Secure Software Standard?
Yes. Upon successful validation to the Secure Software Standard, payment software is added to the List of Validated Payment Software on the PCI SSC website.