If a merchant is using a payment application listed as “acceptable only for pre-existing deployments”, is the merchant allowed to install more copies of the application?
Compliance validation programs are managed by the individual payment brands, not by the PCI Security Standards Council. Payment brand validation programs may include whether certain applications must be PA-DSS validated, under what conditions non-PA-DSS applications may be used, timeframes for mandatory use of PA-DSS applications, reporting requirements, due dates, fines and penalties, etc. For information about individual payment brand compliance programs, please contact your acquirer (merchant bank) or the payment brands directly.
Questions related to new installations of a payment application listed as “acceptable only for pre-existing deployments”, including how onboarding or transferring of merchant accounts may affect use of these applications, should be addressed to the acquirer and/or applicable payment brand
Article Number: 1175