PCI council unveils payment application standard

Share this article:
The Payment Card Industry (PCI) Security Standards Council has officially taken over control of a new data security standard from Visa.

The council announced on Tuesday that it is making available version 1.1 of the PA-DSS (Payment Application Data Security Standard) to complement two other standards it already administers -- the well-known PCI-DSS, a 12-step mandate for safeguarding credit card information, and the PCI PIN Entry Device (PED) standard, which governs devices that accept Visa or MasterCard PINs.

All five major card brands have agreed to the new payment application standard, which lays out 14 separate requirements for software developers that build programs that process credit card payments, said Bob Russo, general manager of the PCI Security Standards Council.

"It's the weakest link out there," Russo told SCMagazineUS.com on Wednesday. "The application is always the way they get in, and if they don't get in that way they always try to get in that way."

By taking over control of the standard, the council will be responsible for training qualified security assessors (QSAs), who will be tasked with vetting and approving payment applications that live up to the requirements.

The guidelines include protecting wireless transmissions and prohibiting the retention of magnetic strip data, Russo said.

Currently, Visa is the only card brand that requires its member merchants to deploy applications that comply with the standard, he said. That may change now that the council is taking the lead role.

A Visa spokesman said the company could not comment on the announcement, but planned to post information related to the standard on its website this week.

Even though the council oversees all three standards related to credit card security, the card brands are responsible for penalizing any offenders.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.