July 1, 2010. That's the the date when all payment processing applications are required to be PA-DSS validated. Who should care? Well, if you sell point-of-sale (POS) systems with payment processing functions or, if you accept credit, PIN-debit and other electronic card payments, then you should. You can visit the PCI Security Standards Council (PCI SSC) website to learn about the requirements and certification process, but here are a few reasons why it's important to your business.
First, if your payment processing system is not PA-DSS validated/PCI compliant, you can no longer process card payments. Yes, that’s correct. According to the PCI SSC guidelines, you are prohibited from using payment processing systems that are not PA-DSS certified, and if you continue to use a non-validated payment application, your business could be shut down. Is there a compliance policeman knocking down your door on July 1st? Probably not, but that doesn’t preclude you from being audited.
Second, if your network is breached and cardholder data is stolen, you could be held liable for the occurrence. This could cost you thousands of dollars, not to mention an impact on your brand/business and customer loyalty.
Third, you may find yourself on a waiting list if you delay your compliance audit. This could impact your business. If you’re a Level 4 merchant, you’ll need to complete the PCI SSC’s self-assessment questionnaire and quarterly scans by a Qualified Security Assessor (QSA). If your solution is already PCI compliant, that questionnaire may be considerably shorter. If you’re a POS developer, your payment applications require you to complete a more robust audit process that could cost several thousand dollars, in addition to making software updates/changes that may be necessary to achieve compliance.
So start planning your compliance strategy today. If you're a Level 4 merchant, check with your POS provider or VAR to be sure your existing solution is PCI Compliant and ask for recommendations for a QSA. If you are POS developer or VAR, discuss PA-DSS options with your payment processing vendor. You can minimize the costs and headaches associated with PA-DSS compliance if you integrate or use a PA-DSS certified solution. Merchant Warehouse offers a complete suite of PA-DSS validated solutions that minimize compliance. Check the PCI SCC website for a list of PA-DSS certified solutions and certified QSAs.