This document summarizes the Payment Application Data Security Standard (PA-DSS) and discusses its relationship to the PCI Data Security Standard (PCI DSS). It notes that PA-DSS was created by Visa to provide security requirements for payment applications, and that compliance is required by July 2012. It then analyzes some technical deficiencies in PA-DSS, including its reliance on outdated aspects of PCI DSS, and proposes that the root causes are elitism and lack of experience in the security community.