PCI council to take over secure application standard

Share this article:

The body charged with managing and promoting the Payment Card Industry Data Security Standard (PCI DSS) announced today it will soon administer another set of merchant guidelines involving secure payment systems.

The PCI Security Standards Council is expected to take over the nearly three-year-old Payment Application Best Practices standard, formerly run by Visa, in the first quarter of next year. The program determines and lists which qualified security assessor (QSA)-approved software should be used by retailers to process credit card transactions and meet compliance requirements.

Under PCI Security Standards Council guidance, the benchmark will become known as the Payment Application Data Security Standard (PA DSS) and complement the existing 12-step PCI DSS standard that merchants must follow to safeguard credit card information.

"It will be one global standard, as opposed to just a Visa standard and not a MasterCard or a Discover or an AmEx standard," Bob Russo, general manager of the PCI council, told SCMagazineUS.com today.

The council will be responsible for training and validating QSAs who will analyze vendor point-of-sale systems to ensure they do not store prohibited data, such PIN and CVV2 numbers, he said.

"Anyplace that stores or transmits data in any way, shape or form could be a weak link in the system," Russo said.

Gordon Rapkin, president and chief executive officer of data security firm Protegrity, told SCMagazineUS.com today that the announcement indicates the council is taking a more proactive role in defining what specific solutions merchants should use to meet compliance.

"I think it's the first step toward the PCI Security Standards Council providing a definition of what technology products meet their standards," he said. "I think there's other emerging technology areas where the PCI standard is requiring things, but merchants are saying, ‘How do I know if [the solution] is a good one or if it will be satisfactory?'"

Share this article:

Sign up to our newsletters

More in News

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.