It’s a date that will probably not live in infamy, but it represents a deadline that may cause trouble for many payment application vendors. Software applications that were validated under PA-DSS v. 1.2 are set to expire on October 28, 2013. What does this mean for software vendors and their customers?
Software vendors with upcoming validation expiration dates will need to have their applications reevaluated under PA-DSS v. 2.0 in order to continue to sell their solutions to new customers. As per the PCI SSC, it is acceptable for existing customers to continue to use software that was validated under PA-DSS v. 1.2.
Software vendors and merchants should check their software against the PCI SSC’s list of Validated Payment Applications. Some products have already been revalidated, but merchants must be wary if they use applications that are set to lose validation on October 28, 2013. They may wish to contact the vendor to see if revalidation is in the future; if it isn’t, it’s probably wise for merchants to upgrade to an application validated under PA-DSS v. 2.0. Software vendors with expiring PA-DSS validations may consider implementing alternative solutions that completely remove their applications from PCI compliance scope, such as point-to-point encryption or Hosted Payments, rather than undergoing revalidation.