Validated Payment Applications
PA-DSS Validation and Listing Program is now CLOSED
On 28 October 2022, the PCI Security Standards Council (PCI SSC) formally retired its Payment Application Data Security Standard (PA-DSS) and closed the associated PA-DSS validation and listing program. All prior entries on the PCI SSC’s List of Validated Payment Applications have been moved to the “Acceptable Only for Pre-Existing Deployments” list and are considered expired for PA-DSS program purposes.
Entities wishing to continue using these payment applications for the purposes of meeting compliance requirements should contact the Payment Card Brands directly to determine how the continued use of such payment applications may impact the entity’s compliance with the individual brands’ PCI DSS compliance programs.
Payment Software Vendors wishing to have their payment applications and software listed on the PCI SSC website should refer to PCI SSC’s Software Security Framework (SSF), the replacement program for PA-DSS. The PCI SSF includes two new security standards, the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard, each with its own validation and listing program. More information on the PCI SSF can be found in the PCI Perspectives Blog on the PCI SSC website.
Find a Validated Payment Application
New customers may purchase and deploy this product. Revalidation of these applications is required annually until Expiry Date.
If a customer has already purchased and deployed this product prior to the listed expiration date, it is acceptable to continue using it. Note that the software vendor may elect to no longer sell and/or support this product. The Council does not require revalidation for applications that are listed as Acceptable only for Pre-Existing Deployments.