Looking for something?

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Does PA-DSS apply to my in-house application?

    PA-DSS does NOT apply to a payment application developed for and sold to only one customer since this application will be covered as part of the customer's normal PCI-DSS compliance review. Please note, that such an application (which may be referred to as a "bespoke" application) is sold to only one customer (usually a large merchant or service provider), and it is designed and developed according to customer-provided specifications. PA-DSS also does NOT apply to payment applications developed by Merchants and Service Providers if used only in-house (not sold to a Third-Party), since this in-house developed payment application would be covered as part of the Merchant or Service Provider's normal PCI-DSS compliance.

    However, using the PA-DSS as a guide to development will help to ensure that the application does not hinder the entity's PCI-DSS compliance and therefore can be utilized as a best practice for bespoke and in-house payment applications. The entity may choose to have its application assessed by a PA-QSA to satisfy its internal security requirements, however, this application, if certified to be PA-DSS compliant, would not be listed by the PCI-SSC.

    Was this article helpful?

    Still can't find
    what you are looking for?

    Our award-winning customer care team is here for you.

    Contact Support

    Knowledge Base Software by