Vulnerable payment applications are a leading cause of cardholder data compromise among small merchants and will be decertified by Visa Network Partners and agents according to VISA's payment application security mandates on October 1, 2009. PA-DSS, a Payment Card Industry Security Standards Council-managed program, addresses this issue with standards for developing secure payment applications. Every application that captures, processes, stores, or transmits credit card data is obligated to comply with one or more of the payment card industry security standards. This can be a costly and time-consuming process taking several months and costing upward of $25k.
The PA-DSS Rapid Compliance Program combines the easy-to-use Commerce Toolkit for Applications (CTA) with Coalfire's exclusive Rapid Compliance Platform to provide a fast and cost-effective option for payment application developers that:
• Reduces the cost of compliance by over 40%
• Offers a toolkit providing compliance functionality out-of-the-box
• Manages payment integration and compliance efforts simultaneously
• Offers Fast Track guidance for all types of payment solutions
Commerce Toolkit for Applications and PA-DSS
CTA starts payment application developers off on the right track with components that provide PA-DSS compliant functionality "out of the box." CTA includes best practice implementations of PA-DSS requirements, allowing payment application developers to focus on creating user experiences and business logic while the toolkit takes care of PA-DSS required functionality that is more challenging to implement, such as encryption key management, strong password enforcement and audit logging.
Coalfire's Rapid Compliance Platform
Through Coalfire's Rapid Compliance Platform, payment application developers use an adaptive intelligence self-help platform combined with a hands-on assessment methodology to select the compliance strategy that fits their application needs. Once the application is ready for certification, Coalfire guides the process by communicating with Visa throughout, accelerating compliance with reduced impact on the development team.