Choose another country to see content specific to your location

//Select Country

PCI PA-DSS (Payment Application Data Security Standard) Certification Mark


Product certification / Voluntary assessment

Basis for Certification (certification standard):

Payment Card Industry Payment Application Data Security Standard


Standard owner:

PCI Security Standards Council, LLC.


What does the standard PCI PA-DSS cover?

The standard PCI PA-DSS defines the requirements for software used to process, store or transfer payment card data or sensitive authentication information associated with such data. These requirements include, but are not limited to: 

  • Software has been developed in such a way that it ensures effective implementation of the PCI PA-DSS requirements.
  • The software is accompanied by a manual ensuring correct implementation of the software by the organisation using the software.

  • What does “certification” and/or the issue of a certification mark for PCI PA-DSS by TÜV SÜD Sec-IT GmbH mean?
    • The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
    • A certificate and/or the authorisation to use a certification mark is only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the certification standard.
    • The certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database of TÜV SÜD Sec-IT GmbH.
    • To maintain certificate validity, the certificate holder must annually complete an announced audit with a positive result.
    • Unannounced audits are possible in specific cases.
  • How do we audit?

    Independent and qualified experts (auditors) apply the following auditing techniques:

    • Document review:
      Review of the Software Implementation Manual

    • Laboratory testing:
      Installation of the software in a realistic test environment and testing of all functionalities according to the requirements of the PCI PA-DSS standard.
  • What is beyond the scope of certification according to PCI PA-DSS?
    • The certification is only valid for the tested version of the software.
    • Testing and certification according to the standard PCI PA-DSS cannot rule out the presence of bugs in software.
    • Certification according to standard PCI PA-DSS does not guarantee that processed, saved or transmitted payment card information will not be lost or illegally changed or that such payment card information will be accessible on demand, even though these are key objectives of the PCI PA-DSS standard.


Management System Certification Marks

Explore here our certification marks

Learn More

Next Steps

Select Your Location





Middle East and Africa