Frequently Asked Questions

< Back to search page

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

FAQ Response

A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI SSC List of Validated Payment Applications.

If a PA-DSS payment application is installed onto an operating system that is not included in its PCI SSC listing, then it is still possible that the application is able to support a merchant’s PCI DSS compliance. However, there has been no validation that the application will be able to meet PA-DSS requirements when installed on that operating system, and the application cannot be considered PA-DSS validated for that implementation.

June 2014
Article Number 1278