WorldPay has developed three classifications for all payment applications within its merchant population. These three classifications are PA DSS Compliant, Known Vulnerable and Unknown. Let’s discuss each one in a little further detail.
PA DSS Compliant – This is an application that has been validated by a PA QSA and has been listed on the PCI SSC’s approved payment application listing. This is the preferred application type.
Known Vulnerable – These are applications that have been identified by VISA as either storing prohibited cardholder data and/or having been previously compromised. Effective January 1, 2008 Visa mandated that all acquirers and processors discontinue the boarding of merchants using Known Vulnerable applications. This list is maintained by Visa; however, it is not available to the general public due to security reasons.
Unknown – These are applications that have NOT received a PA DSS validation certification; however, they have NOT been identified as Known Vulnerable.
