26 January 2011

Mr. Mike Hamm

Chief Operating Officer
Focus POS Systems
3372 Ro Cordillera
Boerne, TX 78006
Re: Payment Application Data Security Standard (PA-DSS) Compliance
Dear Mr. Hamm,
All Third Party payment software vendors are required to comply with the Payment Application Data Security
Standard (PA-DSS). Validation with the PA-DSS provides a significant value to the payment application
industry by helping software vendors develop secure payment applications that do not store prohibited data,
as well as, ensure their payment applications support compliance with the PCI DSS (Payment Card Industry
Data Security Standard).
Focus POS Systems engaged 403 Labs, LLC, a PA-QSA (Payment Application Qualified Security Assessor),
to perform a third-party assessment of Focuss Focus POS application version v7.4 against the PA-DSS
Requirements v1.2.1.
Based on the information Focus POS Systems provided during the assessment and the test instance of the
application provided by Focus, all of the requirements in the Report on Validation (ROV) dated December 21,
2010 have been reported as in place, and, therefore, 403 Labs recommended Focus POS Systems for the
status of compliant with the PA-DSS.
403 Labs has completed our review and testing and submitted a Report on Validation (ROV) to the PCI SSC
(Payment Card Industry Security Standards Council) on January 25, 2011 for their acceptance and final
approval. Based on previous responses, we expect to receive notification from the PCI SSC within
approximately 60 - 90 days.
Focus POS Systems validation will be recognized for up to three (3) years, provided Focus POS Systems
does not make any changes as to how the application stores or accesses data.
Thank you for choosing 403 Labs as your PA-QSA. As always, if you have any questions regarding the PADSS requirements or if there is anything else we can do for you, please let us know.
Sincerely,

Kim David
Manager, Resources