No. When validating payment application compliance through a Report on Validation (ROV) you may not ‘combine’ requirements from the two versions of the standard ? your assessment must be to either PA-DSS version 2 or version 3 in its entirety. Please also note that PA-DSS validations must follow the instructions in the corresponding Program Guide. For example, applications validated under PA-DSS version 2 must use version 2 of the PA-DSS Program Guide, and version 3 validations must use PA-DSS Program Guide version 3.

In 2014, vendors can validate their payment application to either version 2 or version 3. All new validations after December 31st, 2014 must be to PA-DSS version 3.