What is PA-DSS/PCI?

“PA-DSS/PCI applies to software vendors and others who develop payment applications that store, process, or transmit card holder data as part of authorization or settlement, where these payments applications are sold, distributed, or licensed by third parties.”

Source: PA-DSS Requirements and Security Assessment Procedures Document – see links below:


Source: PCIComplianceGuide



Is Yellow Dog Required to be PA-DSS/PCI Certified?

Yellow Dog Inventory is not PA-DSS/PCI certified. However, Yellow Dog Inventory is not a Payment Application and never requires or retrieves payment information. Yellow Dog inventory does not store, process, or transmit sensitive card holder data at any time and therefore does not require PA-DSS/PCI certification.   


What types of payment applications are NOT subject to the PA-DSS/PCI requirements?

The following list, while not all inclusive, illustrates applications that are NOT payment applications for purposes of PA-DSS/PCI (and therefore do not need to undergo PA-DSS/PCI reviews): operating systems onto which a payment application is installed (for example, Windows, Unix), database systems that store cardholder data (for example, Oracle) and back-office systems that store cardholder data (for example, for reporting or customer service purposes).

NOTE: Yellow Dog Inventory dose not access or store any card holder data

PA-DSS: https://www.pcisecuritystandards.org/pdfs/pci_pa_dss.pdf

PCI: https://www.pcicomplianceguide.org/faq/#11