Tell me more ×
Answers OnStartups is a question and answer site for entrepreneurs looking to start or run a new business. It's 100% free, no registration required.
up vote 0 down vote favorite

PA-DSS certification costs over 40K to get. Any ecommerce application that is distrubuted that handles CC transactions has to get this certification.

Some of the rules are 'code reviews', which means you can't be a 1-person startup since you need others in the company to be reviewing code (this is just 1 of MANY requirements ofcourse).

Is this a losing battle for a 1-man show or do you think there is a way to dance around this somehow?

PA-DSS I believe was suppose to be inforced this year July, but has been delayed for some reason.

share|improve this question
What (type of) applictation do you talk about? I did a large ecommerce framework some years ago and we did not need any certification to distribute it. – NetTecture Aug 14 '10 at 14:39

2 Answers

up vote 1 down vote

The workaround is to integrate with someone else's certified application.

Unless, of course, you plan to compete directly with one of these packages in which case the 40K is a cost of doing business.

There are lots of business you can't start on a shoestring due to regulatory costs, or requirements for multiple employees. (You can't start a bank, an insurance company, or a supermarket without capital and multiple employees either.)

Such is life.

share|improve this answer
up vote 0 down vote

I know this is a non-answer, but: Complain to your Congressman that the fat oligopolies in the credit card industry are pushing their problems onto the little man, instead of doing their own work themselves.

I have a Danish credit card, which is really 2 cards in one: A local "Dancard" and a Visa card. The Dancard uses modern smartcard encryption systems, and I have never seen fraud on this card.

My Visa and Mastercards on the other hand -- there is fraud something like 1 out of 3 times that I travel to less industrialized countries. Why? At least in part because a Visa or Mastercard uses 1970's technology, which is trivially easy to hack today.

But PA-DSS is a symptom of people growing tired of credit card fraud. Even if the entire card technology stack was modernized overnight, I would still expect the rules around personal information handling to be tightened. If you are in the business of developing and selling payment solutions, then I think you need to adopt to tighter regulation and higher development costs, or leave the business.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.