When is the last time you went to an ATM to withdraw cash? Gone are the days when people visited ATM terminals for money.
Today, with the digital revolution, everything has become online, and the payment methods have changed in such a way that you longer require the payment card to conduct the transaction. We see people shop, dine out, use utilities and then pay with their digital devices. With the evolution of modern payment methods, the traditional methods of securing the software that facilitates payments should also evolve.
PCI SSC introduced the Payment Application Data Security Standards (PA DSS) in 2008 with the vision of securing payment applications. PA DSS helps payment application vendors develop secure payment applications.
With progressing times, the number of payment methods started multiplying. To support the current security needs of the payment world, PCI SSC has published Software Security Framework.
Why PCI Software Security Framework over PA-DSS?
PA DSS helps merchants maintain PCI DSS compliance by supporting software development and lifecycle management principles. In addition, PA DSS has a strict eligibility criterion that the application taking part in authorization and (or) settlement can only be validated as per its requirements.
Constantly evolving payment application software to facilitate a variety of payment methods requires objective focused security approach. The approach must provide security for the modern payment software, reduce vulnerabilities, and abate cyberattacks.
To support a broader array of payment software types, technologies, and development methods, PCI SSC announced the release of the new PCI Software Security Framework (SSF) in 2022. After October 2022, PCI SSC planned the official retirement of PA DSS, the benchmark standard.
PCI SSF is an independent collection of payment security standards that includes elements of PA DSS. SSF supports existing ways to demonstrate good application security and a variety of new payment software and development processes.