PCI council unveils payment application standard

The Payment Card Industry (PCI) Security Standards Council has officially taken over control of a new data security standard from Visa.

The council announced on Tuesday that it is making available version 1.1 of the PA-DSS (Payment Application Data Security Standard) to complement two other standards it already administers -- the well-known PCI-DSS, a 12-step mandate for safeguarding credit card information, and the PCI PIN Entry Device (PED) standard, which governs devices that accept Visa or MasterCard PINs.

All five major card brands have agreed to the new payment application standard, which lays out 14 separate requirements for software developers who build programs that process credit card payments, said Bob Russo, general manager of the PCI Security Standards Council.

"It's the weakest link out there," Russo told SCMagazineUS.com on Wednesday. "The application is always the way they get in, and if they don't get in that way they always try to get in that way."

By taking over control of the standard, the council will be responsible for training qualified security assessors (QSAs), who will be tasked with vetting and approving payment applications that live up to the requirements.

The guidelines include protecting wireless transmissions and prohibiting the retention of magnetic stripe data, Russo said.

Currently, Visa is the only card brand that requires its member merchants to deploy applications that comply with the standard, he said. That may change now that the council is taking the lead role.

A Visa spokesman said the company could not comment on the announcement, but planned to post information related to the standard on its website this week.

Even though the council oversees all three standards related to credit card security, the card brands are responsible for penalizing any offenders.


