About PABP
Visa® and MasterCard® have established a set of Payment Application Best Practices (PABP) to help preserve the validity of payment processing systems. These practices aim to guide software vendors in developing secure payment applications and to support a merchant’s ability to comply with PCI DSS.
Because PABP-validated systems have been tested for vulnerabilities, they are considered safe for payment processing. Non-validated payment applications typically retain full magnetic stripe data, CVV/CVV2 or PIN data after authorization, which can leave a business at risk of data theft. If you aren’t sure about your system’s compliance with PABP, contact Merchant Warehouse and we will gladly help you.
What Software Vendors Need to Know
PABP compliance of a system does not by itself ensure PCI DSS compliance. Note also that validation of a payment application applies only to the specific version certified, and not necessarily to an older version of the same software.
For any product or version of a product to appear on the PABP-validated list, the software vendor must have a PCI SSC-qualified Payment Applications Qualified Security Assessor (PA-QSA) conduct the PABP compliance validation.
For a previously validated payment application, a new product version does not need to be re-validated as long as it contains no changes that would impact compliance with PABP requirements. However, it is important that the appropriate reports describing each change be submitted to Visa® and MasterCard®.


