Visa Issues FAQ on its Payment Application Mandates
- Monday, November 16, 2009, 16:08
- Threat Research
Visa just released a FAQ on its payment application mandates. Visa issued the mandates with two objectives in mind:

- To eliminate the use of payment applications that are known to be vulnerable to attack or that store prohibited data like the security codes or PINs; and
- To require merchants who use third-party payment applications to use only PA-DSS applications.

Note that if you use an internally-developed payment application (does anybody still do that!?!), the second part of this mandate doesn't apply to you. But if, like most of the Higher Ed world, you use third-party apps that store, process, or transmit payment card data, then those apps have to be PA-DSS compliant. And the only way you can tell is to go to the list on the PCI Council's website and check to see if your app is listed. While you're there, be sure to check the version and expiry date, too.

I'm sometimes asked if using a PA-DSS application makes a school PCI compliant. The answer is a firm NO, but it can help if you do it right. First, your PA-DSS app has to be installed according to the vendor's Implementation Guide (you asked to see a copy before you signed up, right... we could have a major discussion on that one), and you installed the (continue reading...)