Validated Secure Software

Validated Secure Software has been assessed by a qualified Secure Software Assessor to confirm adherence to the PCI Secure Software Standard and Program. The assessment and validation are documented by the Secure Software Assessor in a Report on Validation (ROV). The PCI Council urges merchants and service providers to use validated Secure Software in their payment environments.

Although the PCI Council reviews these reports for quality management purposes, the PCI Council does not independently confirm the reports or the data or information they contain, nor does the PCI Council perform any testing or analysis of software, products, functionality, performance, suitability or compliance with the Standard.

Read more

Find Validated Secure Software

Filter by
Export List 

Please contact the payment brands for information regarding the use of expired software products.

Company
Secure Software Standard Version
Software
Status
Validated by
Assessor Company
Annual Attestation Date
Reassessment Date
 

Software Status: Denotes if the Listed Software Product is a Validated Secure Software Product or if it has transitioned to being an Expired Secure Software Product per the Program. Refer to the associated PCI Secure Software Program Guide for details. Note: formerly referred to as ‘Payment Software Status' for v1.x

Dates in orange indicate the Annual Attestation process has not been completed in accordance with the Secure Software Program Requirements (up to 45 days overdue).

Validated: All newly Accepted Validated Secure Software is initially denoted as 'Validated’ and will retain this designation until denoted as 'Expired.'
Expired: This status is assigned to Validated Secure Software when either (i) annual revalidation requirements are not satisfied by the Vendor, causing early administrative expiry, or (ii) the Validated Secure Software reaches its Reassessment Date (based on the version of the PCI Secure Software Standard under which it was validated).

Annual Attestation Date: Validated Secure Software is required to undergo an Annual (Vendor) Attestation process. Refer to the associated PCI Secure Software Program Guide for details. Note: formerly referred to as ‘Revalidation Date’ for v1.x.

Reassessment: The 3 year Reassessment Date for Validated Secure Software. Refer to the associated PCI Secure Software Program Guide for details. Note: formerly referred to as ‘Expiry Date’ for v1.x. is the date by which a Vendor must have the Payment Software re-evaluated against the then-current version of the PCI Secure Software Standard in order to maintain Acceptance.

For v1.x Listings, refer to the associated v1.x Secure Software Standard and Program Guide.
For v2.x Listings, refer to the associated v2.x Secure Software Standard and Program Guide.

Wildcard characters are substituted for a defined set of possible characters in the Secure Software version, per the Vendor’s wildcard schema. Refer to the current Secure Software Program Guide and any relevant Technical FAQs in the PCI SSC Document Library for acceptable use of wildcard characters. The highlighting of wildcard characters in a Secure Software version is a visual feature applied as of Secure Software Standard v2.0 Listings.