PCI council to take over secure application standard

Share this article:

The body charged with managing and promoting the Payment Card Industry Data Security Standard (PCI DSS) announced today it will soon administer another set of merchant guidelines involving secure payment systems.

The PCI Security Standards Council is expected to take over the nearly three-year-old Payment Application Best Practices standard, formerly run by Visa, in the first quarter of next year. The program determines and lists which qualified security assessor (QSA)-approved software should be used by retailers to process credit card transactions and meet compliance requirements.

Under PCI Security Standards Council guidance, the benchmark will become known as the Payment Application Data Security Standard (PA DSS) and complement the existing 12-step PCI DSS standard that merchants must follow to safeguard credit card information.

"It will be one global standard, as opposed to just a Visa standard and not a MasterCard or a Discover or an AmEx standard," Bob Russo, general manager of the PCI council, told SCMagazineUS.com today.

The council will be responsible for training and validating QSAs who will analyze vendor point-of-sale systems to ensure they do not store prohibited data, such PIN and CVV2 numbers, he said.

"Anyplace that stores or transmits data in any way, shape or form could be a weak link in the system," Russo said.

Gordon Rapkin, president and chief executive officer of data security firm Protegrity, told SCMagazineUS.com today that the announcement indicates the council is taking a more proactive role in defining what specific solutions merchants should use to meet compliance.

"I think it's the first step toward the PCI Security Standards Council providing a definition of what technology products meet their standards," he said. "I think there's other emerging technology areas where the PCI standard is requiring things, but merchants are saying, ‘How do I know if [the solution] is a good one or if it will be satisfactory?'"

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.