Validated Payment Software

Validated Payment Software has been assessed by a Secure Software Assessor to confirm adherence to the PCI Secure Software Standard. The assessment and validation are documented by the Secure Software Assessor in a Report on Validation (ROV). The PCI Council urges merchants and service providers to use validated payment software in their payment environments.

Although the PCI Council reviews these reports for quality management purposes, the PCI Council does not independently confirm the reports or the data or information they contain, nor does the PCI Council perform any testing or analysis of software, products, functionality, performance, suitability or compliance with the Standard.

Read more

Find Validated Payment Software

Filter by
Export List 

New customers may purchase and deploy this software. Revalidation of software is required annually until Expiry Date.

If a customer has already purchased and deployed this software prior to the listed expiration date, it is acceptable to continue using it. Note that the software vendor may elect to no longer sell and/or support this software. The Council does not require revalidation for software listed as Expired.

Secure Software Standard Version
Revalidation Date
Expiry Date
Validated by

Payment Software Status: Used by PCI SSC to identify the current status of Validated Payment Software for Program purposes. Assigned status is determined based on the Payment Software's Expiry Date and/or the Vendor's timely completion of annual revalidation (whether or not the particular version of the Payment Software is still being supported by the Vendor).

Validated: All newly Accepted Validated Payment Software is initially denoted as 'Validated’ and will retain this designation until denoted as 'Expired.'
Expired: This status is assigned to Validated Payment Software when either (i) annual revalidation requirements are not satisfied by the Vendor, causing early administrative expiry, or (ii) the Validated Payment Software reaches its Expiry Date (based on the version of the PCI Secure Software Standard under which it was validated).

Revalidation Date: Validated Payment Software must be revalidated annually. The Revalidation Date is used by PCI SSC to indicate when the Vendor's annual Attestation of Validation is due. The Revalidation Date is specified on the Attestation of Validation.

Expiry Date: The Expiry Date for Validated Payment Software is the date by which a Vendor must have the Payment Software re-evaluated against the then-current version of the PCI Secure Software Standard in order to maintain Acceptance.