PCI Security Standards Council issues Payment Application Data Security Standard
Posted on 16 April 2008.
The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the release of version 1.1 of the Payment Application Data Security Standard (PA-DSS).


Following release of the PA-DSS, this fall the Council will also roll out a program to include maintenance of a list of validated payment applications. This list will enable buyers to identify the payment applications that have been recognized by the PCI SSC and meet the new standard.

Increasingly, criminals are targeting vulnerabilities in payment applications to steal payment card data, and some software may be storing sensitive card data on a user's system unknowingly.

PA-DSS is the Council-managed program formerly managed by Visa and known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and ensure their payment applications support compliance with the PCI DSS. PA-DSS requirements apply to payment applications that are sold, distributed or licensed to third parties.

PA-DSS requirements do not apply to in-house payment applications developed by merchants or service providers that are not sold to a third party, but these applications must still be secured in accordance with the PCI DSS.

In addition, over the coming months, the Council will be qualifying companies to become Payment Application Qualified Security Assessors (PA-QSAs). Companies that are approved as PA-QSAs will be recognized in a Council-maintained and published list and can begin conducting PA-DSS assessments in accordance with the PA-DSS Security Audit Procedures. All companies that were previously recognized as PA-QSAs under Visa PABP will need to enroll and re-validate as a Council PA-QSA. Payment applications validated compliant under Visa's PABP program will transition to the PCI SSC approved list.





Copyright 1998-2014 by Help Net Security.