PCI council unveils payment application standard

The Payment Card Industry (PCI) Security Standards Council has officially taken over control of a new data security standard from Visa.

The council announced on Tuesday that it is making available version 1.1 of the PA-DSS (Payment Application Data Security Standard) to complement two other standards it already administers -- the well-known PCI-DSS, a 12-step mandate for safeguarding credit card information, and the PCI PIN Entry Device (PED) standard, which governs devices that accept Visa or MasterCard PINs.

All five major card brands have agreed to the new payment application standard, which lays out 14 separate requirements for software developers that build programs that process credit card payments, said Bob Russo, general manager of the PCI Security Standards Council.

"It's the weakest link out there," Russo told SCMagazineUS.com on Wednesday. "The application is always the way they get in, and if they don't get in that way they always try to get in that way."

By taking over control of the standard, the council will be responsible for training qualified security assessors (QSAs), who will be tasked with vetting and approving payment applications that live up to the requirements.

The guidelines include protecting wireless transmissions and prohibiting the retention of magnetic stripe data, Russo said.

Currently, Visa is the only card brand that requires its member merchants to deploy applications that comply with the standard, he said. That may change now that the council is taking the lead role.

A Visa spokesman said the company could not comment on the announcement, but planned to post information related to the standard on its website this week.

Even though the council oversees all three standards related to credit card security, the card brands are responsible for penalizing any offenders.
