Since the PCI Council has placed increased emphasis on compliant applications via the Payment Application Data Security Standards (PA DSS), nearly every day we get questions such as “what constitutes as a payment application when it comes to PCI?” Unfortunately it is difficult to find a specific definition. Our resident CISSP, Fritz Young, wrote a brief article on this subject yesterday to help clarify and better define the term “payment application” as it relates to PCI.

We define a payment application as anything that stores, processes or transmits card data electronically. In most cases, this does not include the hardware running the application unless the hardware and software are intertwined similar to a credit card swipe terminal. Examples of payment applications may  include Point of Sale systems or shopping carts for e-commerce Websites.

We have a Website completely devoted to educational topics related to PCI. So I encourage you to check out the Website (www.pcicomplianceguide.org).  You can review Fritz’s article and also find answers to other questions you have related to PCI.

I’ll keep you posted on anything else we find out related to payment applications – so please stay tuned. If you have specific questions, I encourage you to comment on this post.

'Til next time,
Joan
The eSecurity Diva