Payment Card Industry Data Security Standard (PCI DSS) compliance is required of all entities that store, process, or transmit Visa cardholder data, including financial institutions, merchants and service providers. Visa’s programs manage PCI DSS compliance by requiring that participants demonstrate compliance on a regular basis.
PCI DSS compliance
PIN Security Program
Visa is simplifying PIN security compliance validation across all regions.
Payment Application Data Security Standard (PA-DSS)
Payment application vendors with currently validated PA-DSS applications are encouraged to transition to the SSF. Submission of new payment applications for PA-DSS validation will be accepted until 30 June 2021. Existing PA-DSS validated applications will remain on the List of Validated Payment Applications and vendors can continue to submit changes until the PA-DSS program closes on 28 October 2022. When the PA-DSS program officially closes, all PA-DSS validated application listings will be moved to the “Acceptable Only for Pre-existing Deployments” list.
Software Security Framework (SSF)
The PCI Software Security Framework (SSF) is a collection of standards and programs for the secure design and development of payment software. The SSF program is similar to PA-DSS and will replace it when that standard is retired at the end of October 2022.
Fundamental to the framework are two standards that set the foundation:
- Secure Software Standard
- Secure Software Lifecycle Standard
Learn more at PCI Security Standards Council
Secure Software Standard
The Secure Software Standard provides security requirements for building secure payment software to protect the integrity and the confidentiality of sensitive data that is stored, processed, or transmitted in association with payment transactions. It is intended for vendors that develop payment software that supports or facilitates payment transactions.
As new modules are added to the Secure Software Standard, the program scope will expand to support other types of software, use cases, and technologies.
Secure Software Lifecycle (Secure SLC) Standard
The Secure SLC Standard provides security requirements for payment software vendors to integrate security throughout the entire software lifecycle, which results in software that is secure by design and able to withstand attacks. It is intended for vendors that are developing payment software that supports or facilitates payment transactions.