2010 marks an important year for PA-DSS compliance. On July 1 Visa’s fifth PA-DSS security mandate takes effect. While the first four Visa mandates allowed various PA-DSS workarounds, the Visa Phase 5 Security Mandate clearly will not. Up until this mandate, merchants using payment applications before the adoption of PA-DSS and who have not switched processors since its adoption were grandfathered in and not required to update to a PA-DSS compliant application. This is no longer the case as of July 1: all merchants will be required to use only PA-DSS compliant applications.
With these fast approaching deadlines and the effort required to achieve compliance, Independent Software Vendors (ISVs) are finding themselves faced with major resource constraints. It’s tough enough for ISVs to keep up with the competition and customer demand to build feature rich functions much less plan for compliance mandates requiring significant development time and effort. However, ISVs that don’t take these deadlines seriously or remove their applications from the scope of compliance will lose customers that they worked hard to get and will ultimately be forced out of business.
Most ISVs should have a PA-DSS compliance plan in place by now. If you don’t, start by reading our post on PA-DSS implementation and get moving fast. For those with PA-DSS plans in place, be sure that you are reaching out to merchants using your software and informing them of the upcoming July 1 deadline. If they haven’t upgraded to a PA-DSS compliant version of your application by this date, they risk losing the ability to process credit and debit card transactions.
Comments