Posted by DFM on Feb 14, 2014
Learning About the Finer Points of PCI PA-DSS

Learning about the finer points of PCI PA-DSS doesn’t have to be complicated. The Payment Card Industry Payment Application Data Security Standard, mercifully otherwise known as PCI PA-DSS, relates to the software that deals with the data of people using cards to make purchases. This is the security standard set for everyone in the world, and it was created by the Payment Card Industry Security Standards Council. It exists because of a coordinated effort to offer a definitive standard for the handling of data by those who develop and sell software applications that can process payments. By having a standard in place, there are fewer payment applications developed by third parties that are capable of storing secure data. With respect to credit cards, the types of data that are considered sensitive and secure are the PIN, the CVV2, and the magnetic stripe. Software vendors have to develop payment applications in accordance with data security standards in order to operate in a legal retail setting.

There are fourteen protections that software vendors must ensure in order to be considered compliant with the PCI PA-DSS. First, they cannot retain the full magnetic stripe. They must also protect any cardholder data that they store. There must be authentication features in place to verify the identity of the user. All payment application activity must be logged, and there needs to be a secure payment application. Any wireless transmissions must be protected, and the vendors must test all the payment applications they develop to assess their level of vulnerability. They must make a solid effort to facilitate the implementation of a secure network. The vendor can never store the cardholder’s data on a server with Internet access; otherwise, it could be compromised. They must also encrypt all traffic that goes over public networks and encrypt administrative access. Finally, they need to keep all instructional documents on hand for customers.