PCI Watch

Tracking changes across the Payment Card Industry

Document Comparison

pa-dss_attestation_of_validation.pdf pa-dss_attestation_of_validation_v201.pdf
36% similar
3 → 5 Pages
710 → 1261 Words
14 Content Changes

Content Changes

14 content changes. 4 administrative changes (dates, page numbers) hidden.

Added p. 2
Part 2. Submission Type Identify the type of submission and complete the indicated sections of this Attestation of Validation associated with the chosen submission type (check only one).

Full Validation Complete Parts 3a, 3c, 4a, 4d, 5a, & 5c Annual Revalidation Complete Parts 3b, 3c, 4b, & 4d No-Impact Change (Administrative) Complete Parts 3a, 3b, 3c, 4c, 4d, 5b, & 5c No-Impact Change (Payment Application) Complete Parts 3a, 3b, 3c, 4c, 4d, 5b, & 5c Low-Impact Change Complete Parts 3a, 3b, 3c, 4c, 4d, 5b, & 5c High-Impact Change Complete Parts 3a, 3c, 4a, 4d, 5a, & 5c
Added p. 3
Application Name: Existing Version Number:

Required Dependencies:

Application Name: Version Number:

PCI SSC Reference Number: Required Dependencies:

Description of change, if applicable:

Part 3c. Payment Application Functionality & Target Market Payment Application Functionality (check only one):

Automated Fuel Dispenser POS Kiosk Payment Gateway/Switch Card-Not-Present POS Specialized Payment Middleware POS Admin POS Suite/General Payment Module POS Face-to-Face/POI Payment Back Office Shopping Cart & Store Front Target Market for Payment Application (check all that apply):

Retail Processors Gas/Oil e-Commerce Small/medium merchants Others (please specify):
Added p. 4
Part 4a. Confirmation of Validated Status: (each item to be confirmed) The PA-QSA has been provided with all documentation and resources necessary to reach an accurate assessment of the PA-DSS compliance status of (Payment Application Name and version).

We acknowledge our obligation to provide end-users of (Payment Application Name and version) (either directly or indirectly through their resellers and integrators) with a copy of the validated payment application’s PA-DSS Implementation Guide.

Part 4b. Annual Re-Validation Confirmation:

Based on the results noted in the PA-DSS ROV dated (date of ROV), (PA Vendor Name) asserts the following as of (date):

Note: Part 4b is for the required Annual Attestation for listed payment applications, and should ONLY be completed if no modifications have been made to the Payment Application covered by this AoV.

No modifications have been made to (Payment Application Name and version).

Part 4c. Minor Change Analysis Based on internal change analysis and the Vendor Change Analysis …
Modified p. 1
Payment Card Industry (PCI) Payment Application Data Security Standard Attestation of Validation Version 2.0
Payment Card Industry (PCI) Payment Applicaton Data Security Standard (PA-DSS) Attestation of Validation Version 2.01
Removed p. 2
Payment Application Functionality (check all that apply):

POS Suite POS Admin Shopping Cart & Store Front POS Face-to-Face Payment Middleware Others (please specify): POS Kiosk Payment Back Office POS Specialized Payment Gateway/Switch Target Market for Application:
Modified p. 2
The PA-QSA and Payment Application Software Vendor should complete all sections and submit this document along with copies of all required validation documentation to PCI SSC, per PCI SSC’s instructions for report encryption and submission.
The PA-QSA and Payment Application Software Vendor should complete all applicable sections and submit this document along with copies of all required validation documentation to PCI SSC, per PCI SSC’s instructions for report submission as described in the PA-DSS Program Guide.
Modified p. 2
Part 1. Payment Application Vendor and Qualified Security Assessor Information Part 1a. Payment Application Vendor Information Company Name: DBA(s):
Part 1. Payment Application Vendor and Qualified Security Assessor Information Part 1a. Payment Application Vendor Information Company Name:
Modified p. 2
State/Province: Country: Zip:
State/Province: Country: Postal Code:
Modified p. 2
State/Province: Country: Zip:
State/Province: Country: Postal Code:
Modified p. 2
Part 1b. Payment Application Qualified Security Assessor (PA-QSA) Company Information Company Name:
URL: Part 1b. Payment Application Qualified Security Assessor (PA-QSA) Company Information PA-QSA Company Name:
Modified p. 2 → 3
Part 2. Payment Application Information List Payment Application Name(s) and Version Number(s) included in PA-DSS review:
Part 3b. Payment Application References Reference Payment Application Name and Version Number currently on the PCI SSC list:
Removed p. 3
Part 3b. Annual Re-Validation Confirmation:

The contents of the above-referenced ROV continue to be applicable to the following software version: (Payment Application Name and version).

Note: Section 3b is for the required Annual Attestation for listed payment applications, and should ONLY be completed if no modifications have been made to the Payment Application covered by the above-referenced ROV. For the annual re-validation, the software vendor can complete, sign, and submit this form. The PA-QSA is not required to sign the annual re-validation.

Part 3c. PA-QSA and Application Vendor Acknowledgments Signature of Application Vendor Executive Officer  Date  Application Vendor Executive Officer Name  Title  Application Vendor Company Represented  Signature of Lead PA-QSA  Date  Lead PA-QSA Name  Title  1 Magnetic Stripe Data (Track Data)

• Data encoded in the magnetic stripe or equivalent data on a chip used for authorization during a card-present transaction. Entities may not retain …
Modified p. 3 → 5
Part 3a. Confirmation of Validated Status: (each item to be confirmed) Fully Validated: All requirements in the ROV are marked “in place,” thereby (Payment Application Name(s) and Version(s)) has achieved full validation with the Payment Application Data Security Standard.
Part 5a. Confirmation of Validated Status: (each item to be confirmed) Fully Validated: All requirements in the ROV are marked “in place,” thereby (Payment Application Name(s) and Version(s)) has achieved full validation with the Payment Application Data Security Standard.
Modified p. 3 → 5
No evidence of magnetic stripe (i.e., track) data1, CAV2, CVC2, CID, or CVV2 data2, or PIN data3 storage after transaction authorization on ANY files or functionalities generated by the application during this PA-DSS assessment.
No evidence of magnetic stripe (i.e., track) data, CAV2, CVC2, CID, or CVV2 data, or PIN data storage after transaction authorization on ANY files or functionalities generated by the application during this PA-DSS assessment.