PA-DSS Standard version 3.1 consists of 14 major requirements:

  1. Do not retain full track data, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  2. Protect stored cardholder data
  3. Provide secure authentication features
  4. Log payment application activity
  5. Develop secure payment applications
  6. Protect wireless transmissions
  7. Test payment applications to address vulnerabilities and maintain payment application updates
  8. Facilitate secure network implementation
  9. Cardholder data must never be stored on a server connected to the Internet
  10. Facilitate secure remote access to payment application
  11. Encrypt sensitive traffic over public networks
  12. Encrypt all non-console administrative access
  13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators
  14. Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators