Frequently Asked Question

Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?

After 28 October 2022, all previously validated PA-DSS applications will be expired and moved to the "Acceptable Only for Pre-existing Deployments" list on the PCI SSC website. Payment application vendors wishing to maintain active payment application listings after 28 October 2022 should have their payment applications validated to the Secure Software Standard for inclusion on the PCI SSC's List of Validated Payment Software.

Whether the use of payment software validated to the Secure Software Standard is required is determined by the individual payment brand compliance programs. Please contact the applicable payment brand or acquirer to understand any compliance requirements they may have. Payment brand contact details can be found in FAQ 1142 —How do I contact the payment card brands??.

Originally published: November 2021
Article Number: 1547

Featured FAQ Articles