PCI Council Strengthens Data Security

Visa's Payment Application Best Practices program migrates to Council

Dark Reading Staff, Dark Reading

November 7, 2007

2 Min Read

WAKEFIELD, Mass. -- The PCI Security Standards Council, an open standards body providing management of the global PCI Data Security Standard (PCI DSS) and PCI PIN Entry Device (PED) Security Requirements, today announced that it is adding a new standard for payment application software.

The new standard called Payment Application Data Security Standard (PA-DSS) is based on Visa's Payment Application Best Practices (PABP). A preliminary draft of this standard has been distributed to the Council's Board of Advisors, participating organizations, Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) for their feedback. The Council will incorporate this feedback and publish a final version of the PA-DSS in the first quarter of 2008.

Visa created the PABP to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 and PIN data, and support compliance with the PCI DSS.

Internally developed applications by merchants and others are not subject to PCI PA-DSS but are subject to PCI DSS. Approximately 200 products used by a large number of merchants around the globe have already been validated against Visa's PABP and this number is expected to continue growing with the Council's adoption of PA-DSS. Payment applications adhering to the PA-DSS will minimize the potential for security breaches and the resultant fraud.

"With the PA-DSS managed by the Council, we will ensure that payment application providers and their products are subject to data security requirements consistent with the current PCI Data Security Standard," said Bob Russo, general manager, PCI Security Standards Council. "As criminals become more sophisticated and payment application vulnerabilities are realized by our membership, we must ensure that all components of the payments process are subject to rigorous standards that are supported by all of the global payment card brands with a single goal in mind: to protect cardholder data and combat fraud."

PCI Security Standards Council LLC

Read more about:

2007

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Human profiles made out of crumpled paper, with one smoldering around the brain area as smoke rises
Cybersecurity Operations
9 Tips to Avoid Burnout in Cybersecurity9 Tips to Avoid Burnout in Cybersecurity
byJoan Goodchild, Contributing Writer
May 30, 2024
9 Slides
Dark web concept image with hooded hacker
Cyberattacks & Data Breaches
Leak Site BreachForums Springs Back to Life Weeks After FBI TakedownLeak Site BreachForums Springs Back to Life Weeks After FBI Takedown
byJai Vijayan, Contributing Writer
May 29, 2024
4 Min Read
CISO and team looking at screens with cybersecurity information.
Cyber Risk
Making the Case for 'Reasonable' CybersecurityMaking the Case for 'Reasonable' Cybersecurity
byStephen Lawton, Contributing Writer
May 28, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events