Frequently Asked Questions

< Back to search page

What happens if I'm using a PA-DSS validated payment application that is breached?

FAQ Response

Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.

February 2008
Article Number 1128

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What are the PA-DSS Expiry Dates?

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

How does Triple DEA (TDEA) impact ASV Scan results?

Does PCI DSS, PA-DSS, or PTS apply to ATMs?

Frequently Asked Questions

What happens if I'm using a PA-DSS validated payment application that is breached?

Related Articles