Cybersource Developer Community Cybersource Developer Community

If recent trends in data compromises are any indication, the need for payment application developers to understand and adopt security best practices has never been greater.

To help you understand the standards, compliance and security requirements that apply to your integrations, we created the following training video to help you get started.

Please note that Authorize.Net plays no role in the establishment or enforcement of the Payment Card Industry Data Security Standard (PCI DSS) or the Payment Application Best Practices (PA DSS) requirements.

A Qualified Security Assessor (QSA) is a data security firm that has been trained and is certified by the PCI Security Standards Council to perform on-site security assessments to verify PCI DSS compliance.

Authorize.Net has partnered with Trustwave, a leading QSA, to offer compliance validation and consulting services at reduced cost to Authorize.Net merchants and developers. For more information, please visit http://www.authorize.net/trustwave.

If you prefer to find another QSA for these services, the PCI Security Standards Council maintains lists here:

• Qualified Security Assessor Companies https://www.pcisecuritystandards.org/approved_companies_providers/qualified_security_assessors.php
• Payment Application QSAs (PA-QSA) https://www.pcisecuritystandards.org/approved_companies_providers/payment_application_qsas.php. 

Additional Resources for Developers

To learn more about the security standards and your obligations to comply, you may also find the following links useful:

• PCI SSC resources for merchants https://www.pcisecuritystandards.org/merchants/index.php
• PCI-SSC documents library https://www.pcisecuritystandards.org/security_standards/documents.php
• Open Web Application Security Project (OWASP) http://www.owasp.org
•  Visa Cardholder Information Security Program http://usa.visa.com/merchants/risk_management/cisp_overview.html