Frequently Asked Question
Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?
After 28 October 2022, all previously validated PA-DSS applications will be expired and moved to the ‘Acceptable Only for Pre-existing Deployments’ list on the PCI SSC website. Payment application vendors wishing to maintain active payment application listings after 28 October 2022 should have their payment applications validated to the Secure Software Standard for inclusion on the PCI SSC’s List of Validated Payment Software.
Whether the use of payment software validated to the Secure Software Standard is required is determined by the individual payment brand compliance programs. Please contact the applicable payment brand or acquirer to understand any compliance requirements they may have. Payment brand contact details can be found in How do I contact the payment card brands?”.
Featured FAQ Articles
Most Recently Updated
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?