The Stacks
PA-DSS and How It Affects Firms Taking Credit Cards
In the Internet era, the risk of data theft in an enterprise environment is extremely high. The resulting impact on consumers can be immense. Responding to growing concerns over data security breaches and theft of credit card information, Visa and the Payment Card Industry have developed two security standards:
• PA-DSS (Payment Application Data Security Standards) to govern credit card application software developers.
• PCI (Payment Card Industry) Security Standards to ensure merchants who accept credit cards are providing adequate security safeguards to protect sensitive credit card information.
The PCI Security Council mandates that any merchant accepting credit cards must be PCI compliant. This means that the merchant's IT infrastructure must be secured and verified. If credit card information is stored, it must be encrypted with advanced algorithms and protected with dual split control, and an access audit trail must be provided. In addition, if the merchant uses credit card software, the application must be PA-DSS certified.
In recent years, Visa announced a long-range, multi-phase plan to enforce compliance of these security standards. The Phase V mandate will take effect on July 1, 2010. This mandate states that financial institutions must ensure that their merchants use PA-DSS certified credit card payment applications and comply with PCI security requirements. Failure to do this may result in a hefty fine to both merchant and financial institution should a data security breach occur.
This article was provided by Nikki Nguyen of Nodus. Nodus is a premier provider of credit card processing software for MS Dynamics GP. They offer fully compliant components. For any questions or concerns, please contact Nodus at 909-482-4701 or visit our website at www.nodus.com.