Network World

Credit card companies revise security standard

New council takes over development of the PCI data security standard.
By Ann Bednarz, NetworkWorld.com, 09/08/2006

Five major credit card companies Thursday announced the formation of an independent body to oversee the development and maintenance of the Payment Card Industry (PCI) data security standard. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International have thrown their weight behind the newly formed PCI Security Standards Council.

Aimed at retailers and companies that process credit-card data, the PCI standard is a set of technology requirements for securing networks and applications, protecting cardholder data, maintaining a vulnerability management program, and regularly validating compliance via a third-party assessment. It was designed to consolidate what in the past have been a bunch of different security guidelines from credit card companies.

But merchants have complained about ambiguities in the PCI standard and compliance hardships since the rules went into effect in June 2005. As of this spring, only 22% of the largest merchants were PCI-compliant, according to Visa estimates.

With the formation of the PCI Security Standards Council, its founding members hope to develop a system that is more accessible and efficient for merchants, processors, point-of-sale vendors and financial institutions. The council's charter tasks include:

* Developing and maintaining a technical data security standard for the protection of account information;
* Reducing costs and lead times for compliance by establishing common technical standards and audit procedures;
* Providing a list of available, qualified security solution providers to help the industry achieve compliance;
* Providing a single source for certifying qualified security assessors and approved scanning vendors; and
* Providing a forum in which stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.

As its first action, the council released the PCI Data Security Standard version 1.1. The new version addresses evolving security threats and provides a framework for ongoing PCI compliance.

The formation of the council and release of the new standard are welcome advances, industry watchers say. In the past, a lack of clarity has left companies struggling to comply with PCI, says Jennifer Mack, director of product management at security vendor Cybertrust.
