PCI council to take over secure application standard

The body charged with managing and promoting the Payment Card Industry Data Security Standard (PCI DSS) announced today it will soon administer another set of merchant guidelines involving secure payment systems.

The PCI Security Standards Council is expected to take over the nearly three-year-old Payment Application Best Practices standard, formerly run by Visa, in the first quarter of next year. The program determines and lists which qualified security assessor (QSA)-approved software should be used by retailers to process credit card transactions and meet compliance requirements.

Under PCI Security Standards Council guidance, the benchmark will become known as the Payment Application Data Security Standard (PA DSS) and complement the existing 12-step PCI DSS standard that merchants must follow to safeguard credit card information.

"It will be one global standard, as opposed to just a Visa standard and not a MasterCard or a Discover or an AmEx standard," Bob Russo, general manager of the PCI council, told SCMagazineUS.com today.

The council will be responsible for training and validating QSAs who will analyze vendor point-of-sale systems to ensure they do not store prohibited data, such as PIN and CVV2 numbers, he said.

"Anyplace that stores or transmits data in any way, shape or form could be a weak link in the system," Russo said.

Gordon Rapkin, president and chief executive officer of data security firm Protegrity, told SCMagazineUS.com today that the announcement indicates the council is taking a more proactive role in defining what specific solutions merchants should use to meet compliance.

"I think it's the first step toward the PCI Security Standards Council providing a definition of what technology products meet their standards," he said. "I think there's other emerging technology areas where the PCI standard is requiring things, but merchants are saying, 'How do I know if [the solution] is a good one or if it will be satisfactory?'"
