Toast PCI - Page 5

with PCI DSS.
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that
their software includes the following fourteen protections:
1. Do not retain full track data, card verification code or value (CAV2, CID, CVC2, CVV2),
or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities and maintain payment application
updates.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the Internet.
10. Facilitate secure remote access to payment application.
11. Encrypt sensitive traffic over public networks.
12. Secure all non-console administrative access.
13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators.
14. Assign PA-DSS responsibilities for personnel, and maintain training programs for
personnel, customers, resellers, and integrators.
Toast has pursued PA-DSS validation for our POS application when hosted on a Toast-issued Elo
device. At this time, use of the application with hardware not listed on the validation report has
not been tested or evaluated under the PA-DSS framework.
PCI Instruction Guide
© Toast 2018
