[1] PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications.
The standard aimed to prevent developed payment applications for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN.
Creation and enforcement of these standards currently rests with PCI SSC via Payment Application-Qualified Security Assessors (PA-QSA).
Governed originally by Visa Inc., under the PABP moniker, PA-DSS was launched on April 15, 2008 and updated on October 15, 2008.
[12] The PCI SSC has published additional materials that further clarify PA-DSS, including the following: