PCI Security Standards Council®

Payment Application Qualified Security Assessor (PA-QSA)™ Qualification

The Payment Application Qualified Security Assessor curriculum teaches you to perform assessments of third-party developed payment applications to ensure compliance with the Payment Application Data Security Standard (PA-DSS). With this training course, you will become an expert on the requirements for PA-DSS compliance and help ensure the consistent, proper application of security measures and controls for payment applications.

Upon completion of the course, you’ll be able to:

Become Qualified

Right for you if…

You are a current QSA who is employed by a QSA company performing assessments of third-party payment applications for compliance with PA-DSS. Typical job titles include: Managing Director of Compliance Services, Practice Lead Security Assessor, Senior Security Consultant, Information Security Analyst, and Information Security Auditor.

Course Details

Course Description

The Payment Application Qualified Security Assessor (PA-QSA) covers the PA-DSS requirements, sub-requirements, and associated testing procedures in depth.

  • PCI Industry Overview
    In depth coverage of the payment card industry, the terminology used to describe its key aspects, the flow of data through the various payment card mechanisms and the relationships between the various actors in the process
  • PCI Thresholds and Brand Specific Requirements
    Detailed coverage of the classifications and compliance requirements for merchants, service providers and vendors and the various specific requirements imposed by the various card brands
  • PCI Data Security Standard (DSS)
    In-depth training on every aspect of the current DSS including requirements, reasoning and what constitutes compliance with the requirement
  • PCI Code Review and Analysis
    In-depth training on executing code reviews and locating non PCI compliant constructs and procedures in applications that implement payment card processing systems
  • PCI Hardware and Communications Infrastructure
    In-depth training on the current state of typical devices and connectivity used by organizations to accept payment cards, and communicate with the verification and payment facilities
  • PCI Reporting
    In depth training on constructing and filing the necessary compliance reports and techniques for communicating results to those being audited

How to Prepare

Prior to attending a PA-QSA training session it is strongly recommended you familiarize yourself with the following publications available in the document library:

  • Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures
  • Payment Card Industry (PCI) Payment Application Data Security Standard – Requirements and Security Assessment Procedures
  • Payment Card Industry (PCI) Data Security Standard and Payment Application Data Security Standard Glossary of Terms, Abbreviations, and Acronyms
  • PA-QSA Qualification Requirements
  • Program Guide
  • ROV Reporting Template
  • Attestation of Validation
  • PA-DSS and Mobile Applications FAQs
  • Which Applications are Eligible for PA-DSS Validation
Training and Exam

eLearning PA-QSA Qualification Course

This self-paced, six-hour online course offers:
  • Flexible scheduling 24/7/365
  • Learn from your home or office
  • Reduced travel costs and time away from work

You will receive a link to access the eLearning course. You will have 90 days from the day you receive the link to complete the course and take the exam. You will also receive a separate email from Pearson VUE with credentials and complete instructions on how to schedule your exam.

Taking the exam - Upon completion of the eLearning curriculum, the student will take the qualification exam at one of over 4,000 Pearson VUE Testing Centers worldwide. The student will receive a voucher number to be redeemed in Pearson VUE's online registration system; testing location and time are selected by the student. The exam must be completed in one sitting and must be taken within 30 days of the candidate being given the information on how to schedule the exam.

The Primary Contact at the PA-QSA Company will be notified of results. Employees who fail may retake the training and exam, upon payment of a re-test fee. For each attendee that passes the exam, the PA-QSA Company will receive a certificate that validates the employee for the next 12 months.

Note:  Hiring or employing a PA-QSA does not assume the Company has met all of the PCI SSC validation requirements.

Testing Center Locations
Registration

In order to attend PA-QSA training your company must already be a validated PA-QSA Company and you must be a full time employee. Please see the QSA Validation Requirements - PA-QSA Supplement for more details.

All candidates must apply to the PA-QSA program and be approved by the PCI Council to participate in a training class. All training inquiries and assignments must be submitted through your company's assigned Primary Contact. Other requirements include:

  • Must be a QSA
  • Must have completed two PCI DSS assessments
  • Must have substantial application security knowledge and experience conducting application and code reviews, and/or demonstrated competence in cryptographic techniques
Requalification

In order to maintain the high standards set for this certification, all PA-QSA employees must re-certify every 12 months in order to continue as a Payment Application Qualified Security Assessor for their PA-QSA company. Please note that annual PA-QSA requalification training will be held in an eLearning format only. All PA-QSA Program training attendees will be required to sign and accept the terms of the PCI SSC PA-QSA Employee Certification form at the time they begin the online training.

All training inquiries and assignments must be submitted through the PA-QSA company's primary contact. PCI SSC requires all training attendees to be full time employees of the PA-QSA company that they were initially hired by.

All requests for requalification must be submitted at least two weeks prior to the certificate expiration date. Please specify which two week session your employee(s) would like to be registered for or they will automatically be registered for the two week session prior to their expiration date. Attempting to recertify two weeks past the PA-QSA's annual expiration date will require the PA-QSA to attend New PA-QSA training.

eLearning Course

Course
Price
Course: New PA-QSA Professional
Price: $1375 USD
Annual PA-QSA requalification training fee is $1095 USD per Assessor

Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE. An invoice will be issued upon completion of registration and will include instructions to pay by check, credit card or wire transfer.
Payment is required prior to beginning the course. Course conducted in English. Examination delivered in English.
Request More Information