Frequently Asked Question
What are the PA-DSS Expiry Dates?
The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application to remain listed as "Acceptable for New Deployments" on the PCI SSC website.
PA-DSS expiry dates are as follows:
PA-DSS version | Expiry of application listing |
1.0 | 28 October, 2013 |
2.0 | 28 October, 2016 |
3.0 | 28 October, 2019 |
3.1 | 28 October, 2019 |
3.2 | 28 October, 2022 |
After the Expiry Date, applications are listed as 'Acceptable only for Pre-Existing Deployments.' See FAQ #1195 for an explanation of the difference between an application which is "Acceptable for New Deployments" and one which is 'Acceptable only for Pre-Existing Deployments.'
June 2015
Article Number: 1275
Related
-
When should an entity implement PCI DSS requirements noted as best practices until a future date?
-
For PCI DSS, can multi-factor authentication (MFA) implementations indicate the success of a factor prior to presentation of subsequent factors?
-
What is the completion date for PCI DSS assessments documented in a Report on Compliance and its related Attestations of Compliance?
Featured FAQ Articles
Featured
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Is the PCI DSS Attestation of Compliance intended to be shared?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Where do I direct questions about complying with PCI standards?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Most Popular
-
When should an entity implement PCI DSS requirements noted as best practices until a future date?
-
For PCI DSS, can multi-factor authentication (MFA) implementations indicate the success of a factor prior to presentation of subsequent factors?
-
What is the completion date for PCI DSS assessments documented in a Report on Compliance and its related Attestations of Compliance?
-
What is the completion date for PCI DSS assessments documented in a Self-Assessment Questionnaire and its related Attestations of Compliance?
-
How does PCI DSS Requirement 6.4.3 apply to 3DS scripts called from a merchant check-out page as part of 3DS processing?
Most Recently Updated
-
When should an entity implement PCI DSS requirements noted as best practices until a future date?
-
What is meant by "At-Risk Timeframe" and at risk referenced in the Final PFI Report?
-
Does PCI DSS Requirement 8.2.2 allow users to share authentication credentials?
-
For PCI DSS, can multi-factor authentication (MFA) implementations indicate the success of a factor prior to presentation of subsequent factors?
-
What is the completion date for PCI DSS assessments documented in a Report on Compliance and its related Attestations of Compliance?