Frequently Asked Questions

< Back to search page

What happens if I'm using a PA-DSS validated payment application that is breached?

FAQ Response

Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.

February 2008
Article Number 1128

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What are the PA-DSS Expiry Dates?

What is the difference between a Validated Payment Application which is shown on the PCI SSC website as “Acceptable for New Deployments” and one which is shown as “Acceptable only for Pre-Existing Deployments”?

How does use of an expired PTS device affect my PCI DSS compliance?

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

Frequently Asked Questions

What happens if I'm using a PA-DSS validated payment application that is breached?

Related Articles