According to Amy S. Mushahwar, of counsel at Ballard Spahr LLP, in Washington, companies that are unaware of the Payment Card Industry Security Standards Council's standards “could be walking into a rat's nest.” Organizations that are affected by the standards should use the recent version 3.0 of two security standards to bring their practices into compliance, she said.
A global forum, the council develops payment card security standards including the two security standards in question: the Payment Application-Data Security Standard (PA-DSS) and the Payment Card Industry Data Security Standard (PCI DSS). The council recently released version 3.0 of both standards.
The PA-DSS helps software vendors develop secure payment applications, while the PCI DSS, a self-regulatory standard, requires organizations that handle credit card transactions to maintain certain data security measures. Failure to maintain these security measures may result in the loss of their ability to process cards, fines, or both.
The updated versions (3.0) of both the PCI DSS and PA-DSS will take effect Jan. 1, 2014, said Laura Johnson, a representative for the council. To allow companies time to adapt to the changes, version 2.0 will remain active until Dec. 31, 2014.
Having PA-DSS-compliant software does not necessarily mean an organization is also PCI DSS-compliant, said Mushahwar. Organizations still must review their “card-processing infrastructure and data flow” to ensure they are compliant with both standards. This is the most common mistake companies make, she added. Data breaches generally result from gaps between vendors and merchants as well as viruses, botnets and malware.
PCI DSS focuses primarily on security risks resulting from viruses, botnets, malware and third-party vendors. “Version 3.0 will help organizations make payment security part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility,” said the council in a statement.
About AmberSail.uk.com
Ambersail (http://www.ambersail.uk.com/pci-compliance.php) is an experienced Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Operating in many parts of the world, we work with banks, retailers, software vendors, manufacturers and government bodies.
Distributed by Iterate LLC
Company Name: AmberSail.uk.com
Contact Person: Benjamin Wrights
Email: media@vytalnet.com
Phone: 4157669098
City: San Francisco
State: CA
Country: United States
Website: http://www.ambersail.uk.com/pci-compliance.php