The Payment Application Data Security Standard (PA-DSS) sets requirements for software that processes cardholder data and is closely related to PCI DSS. PA-DSS certification is required for payment applications that store, process or transmit cardholder data during transaction authorization and during settlement between payment process participants. The certification requirement applies only to applications developed for sale or distribution under a license agreement.
The PA-DSS standard does not apply
PCI DSS (Payment Card Industry Data Security Standard) is intended to ensure the secure processing, storage and transmission of cardholder data in the information systems of companies that work with international payment systems such as Visa, MasterCard and others.
The standard was developed by the PCI Security Standards Council, whose members include the world's leading payment card brands, such as American Express, Discover Financial Services and JCB.
The standard lists 12 detailed requirements for protecting cardholder data that is transmitted, stored and processed in corporate IT infrastructure. Implementing the measures needed to comply with these requirements calls for a comprehensive approach to securing payment card data.
The Bank of Russia Standard for Information Security of Organizations in the Russian Banking Sector (STO BR IBBS) is a set of documents issued by the Bank of Russia on the basis of Russian law. It describes a unified approach to building the architecture of information security assurance systems in organizations of the banking sector.
Federal Law No. 184-FZ 'On Technical Regulation' of December 27, 2002 gives standards and other standardization documents advisory status.
However, the same Federal Law provides that standards and other standardization documents become binding on organizations that voluntarily decide to adopt them.
Pursuant to Federal Law No. 161-FZ 'On the National Payment System' of June 27, 2011 (Collection of Legislation of the Russian Federation, 2011, No. 27, Art. 3872) (hereafter Federal Law No. 161-FZ), these Regulations establish requirements for money transfer operators, bank payment agents (sub-agents), payment system operators and payment infrastructure service providers on ensuring information protection during money transfers (hereafter 'information protection requirements for money transfers'). They also establish the procedure by which the Bank of Russia monitors compliance with those requirements as part of its supervision of the national payment system.
ISO/IEC 27001, the international standard for information security management, was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It was prepared by Subcommittee SC 27 of the Joint Technical Committee ISO/IEC JTC 1.
ISO/IEC 27001 specifies requirements for establishing a corporate Information Security Management System (ISMS), regardless of the organization's business sector.
Primary objectives of the standard: