Validated Payment Software
Validated Payment Software has been assessed by a Secure Software Assessor to confirm adherence to the PCI Secure Software Standard. The assessment and validation are documented by the Secure Software Assessor in a Report on Validation (ROV). The PCI Council urges merchants and service providers to use validated payment software in their payment environments.
Although the PCI Council reviews these reports for quality management purposes, the PCI Council does not independently confirm the reports or the data or information they contain, nor does the PCI Council perform any testing or analysis of software, products, functionality, performance, suitability or compliance with the Standard.
Find Validated Payment Software
New customers may purchase and deploy this software. Revalidation of software is required annually until Expiry Date.
If a customer has already purchased and deployed this software prior to the listed expiration date, it is acceptable to continue using it. Note that the software vendor may elect to no longer sell and/or support this software. The Council does not require revalidation for software listed as Expired.
Payment Software Status: Used by PCI SSC to identify the current status of Validated Payment Software for Program purposes. Assigned status is determined based on the Payment Software's Expiry Date and/or the Vendor's timely completion of annual revalidation (whether or not the particular version of the Payment Software is still being supported by the Vendor).
Revalidation Date: Validated Payment Software must be revalidated annually. The Revalidation Date is used by PCI SSC to indicate when the Vendor's annual Attestation of Validation is due. The Revalidation Date is specified on the Attestation of Validation.
Expiry Date: The Expiry Date for Validated Payment Software is the date by which a Vendor must have the Payment Software re-evaluated against the then-current version of the PCI Secure Software Standard in order to maintain Acceptance.