PCI council to take over secure application standard

Share this article:

The body charged with managing and promoting the Payment Card Industry Data Security Standard (PCI DSS) announced today it will soon administer another set of merchant guidelines involving secure payment systems.

The PCI Security Standards Council is expected to take over the nearly three-year-old Payment Application Best Practices standard, formerly run by Visa, in the first quarter of next year. The program determines and lists which qualified security assessor (QSA)-approved software should be used by retailers to process credit card transactions and meet compliance requirements.

Under PCI Security Standards Council guidance, the benchmark will become known as the Payment Application Data Security Standard (PA DSS) and complement the existing 12-step PCI DSS standard that merchants must follow to safeguard credit card information.

"It will be one global standard, as opposed to just a Visa standard and not a MasterCard or a Discover or an AmEx standard," Bob Russo, general manager of the PCI council, told SCMagazineUS.com today.

The council will be responsible for training and validating QSAs who will analyze vendor point-of-sale systems to ensure they do not store prohibited data, such PIN and CVV2 numbers, he said.

"Anyplace that stores or transmits data in any way, shape or form could be a weak link in the system," Russo said.

Gordon Rapkin, president and chief executive officer of data security firm Protegrity, told SCMagazineUS.com today that the announcement indicates the council is taking a more proactive role in defining what specific solutions merchants should use to meet compliance.

"I think it's the first step toward the PCI Security Standards Council providing a definition of what technology products meet their standards," he said. "I think there's other emerging technology areas where the PCI standard is requiring things, but merchants are saying, ‘How do I know if [the solution] is a good one or if it will be satisfactory?'"

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

FBI, Apple investigate celebrity photo hacking incident

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.