Five major credit card companies Thursday announced the formation of an independent body to oversee the development and maintenance of the Payment Card Industry (PCI) data security standard. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International have thrown their weight behind the newly formed PCI Security Standards Council.
Aimed at retailers and companies that process credit-card data, the PCI standard is a set of technology requirements for securing networks and applications, protecting cardholder data, maintaining a vulnerability management program, and regularly validating compliance via a third-party assessment. It was designed to consolidate what had previously been a number of different security guidelines from credit card companies.
But merchants have complained about ambiguities in the PCI standard and compliance hardships since the rules went into effect in June 2005. As of this spring, only 22% of the largest merchants were PCI-compliant, according to Visa estimates.
With the formation of the PCI Security Standards Council, its founding members hope to develop a system that is more accessible and efficient for merchants, processors, point-of-sale vendors and financial institutions. The council's charter tasks include:
* Developing and maintaining a technical data security standard for the protection of account information;
* Reducing costs and lead times for compliance by establishing common technical standards and audit procedures;
* Providing a list of available, qualified security solution providers to help the industry achieve compliance;
* Providing a single source for certifying qualified security assessors and approved scanning vendors; and
* Providing a forum in which stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.
As its first action, the council released the PCI Data Security Standard version 1.1. The new version addresses evolving security threats and provides a framework for ongoing PCI compliance.
The formation of the council and release of the new standard are welcome advances, industry watchers say. In the past, a lack of clarity has left companies struggling to comply with PCI, says Jennifer Mack, director of product management at security vendor Cybertrust.