The PCI Security Standards Council (PCI SSC) has recently released Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS). Organizations have one year (until December 31, 2014) to become compliant with the new standard.
Continue reading “PCI DSS Version 3.0 Released”
Understanding PCI DSS compliance requirements
The Payment Card Industry Security Standards Council (PCI SSC) has prescribed the PCI Data Security Standard (PCI DSS) for keeping payment cardholder data secure. PCI DSS applies to any business that stores, processes, or transmits cardholder data. In practice, this means PCI DSS applies to all merchants that accept card payments, as well as to the member financial institutions and service providers that process the associated transactions. A matrix of the compliance requirements prescribed by PCI SSC is given in the table below. Before studying the table, it is helpful to understand the terms cardholder data, merchant, service provider, acquirer, approved scanning vendor and qualified security assessor.
PCI DSS Compliance Program undergoes a change
Last week, Visa announced a new Payment Card Industry Data Security Standard (PCI DSS) compliance program that will fuel dynamic data authentication.
This will mean that merchants will not need to validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) if at least 75% of the merchant’s annual Visa card transactions originate on smartcard-enabled terminals.
PCI Compliance-Code Review or Web Application Firewall
The Payment Card Industry (PCI) Data Security Standard is a standard set through a consensus-based process led by the five major credit card companies. It is not a government-enforced standard; compliance is enforced by the card companies themselves.
Non-compliance results in higher fees and severe fines in the event of a breach. All merchants and service providers collecting and processing credit card transactions are required to comply with PCI DSS. Version 1.2 of the standard was released in October 2008.
Section 6.6 of PCI DSS requires that, for all public-facing applications, new threats and vulnerabilities are addressed on an ongoing basis and that the applications are protected against known attacks.