Regulatory Compliance, Governance and Security

Mar 23 2009   11:53AM GMT

Payment Card Industry Compliance | It's much more than just PCI DSS



When people think of payment card industry compliance, they naturally think of PCI DSS compliance. And to be fair, the vast majority of organizations undergoing PCI DSS compliance are merchants and service providers who have to either conduct their own self-assessment or go through an on-site assessment with a Qualified Security Assessor (QSA).

But here’s what else you need to know about payment card industry compliance and how it could affect you.

Payment Application Data Security Standard (PA-DSS)

The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS.

PIN Entry Devices (PED)

To gain approval by the PCI Security Standards Council, PIN entry devices must comply with the requirements and guidelines specified by a number of documents listed on the PCI SSC website.

In summary, these are two additional compliance initiatives outside of the traditional PCI DSS assessments that many people are not familiar with. I’ll be covering these in much more depth in subsequent blogs.

1  Comment on this Post

  • Squish
    Many organisations have recently been asking how they can comply with PCI DSS requirements. Especially when credit card transactions are taken over the phone, which means people's card details are recorded along with the conversation, including the security code. Read expert advice about how companies can protect phoned-in credit card data and maintain PCI DSS compliance.