Frequently Asked Questions

< Back to search page

What happens if I'm using a PA-DSS validated payment application that is breached?

FAQ Response

Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.

February 2008
Article Number 1128

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What is the Council’s guidance on the use of SHA-1?

What version of PCI DSS should I use?

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

How does Triple DEA (TDEA) impact ASV Scan results?

Frequently Asked Questions

What happens if I'm using a PA-DSS validated payment application that is breached?

Related Articles