Upcoming PCI Deadlines

A number of deadlines are coming up next year. Are you ready? Don't be caught unaware.
 
The Payment Application Data Security Standard (PA-DSS) and the PIN Entry Device (PED) standard support the PCI DSS and address the security of applications and hardware used to process payment card transactions.
 
“PA-DSS is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS.” - Payment Card Industry Security Standards Council
 
“The PCI PED security alignment initiative is aimed at ensuring that the cardholder’s PIN, and any sensitive information such as resident keys, are protected consistently at a PIN acceptance device. The objective of the requirements is the provision of a single, consistent, and stringent standard for all PIN acceptance devices worldwide”. - Payment Card Industry Security Standards Council

 
These supporting standards are aimed at vendors who create applications and hardware devices used in the processing of payment cards. Merchants should be aware of these standards and purchase only applications and hardware devices that comply with them. As it stands now, merchants will be required to use only compliant applications and hardware by July 2010.
 
What do you need to do? Determine if your applications and PIN entry devices are PCI compliant. If not, plan to replace them as soon as possible. Don't wait until the last minute on this one.
 
How do you find out which ones are PCI compliant?
 
List of Validated Payment Applications:
https://www.pcisecuritystandards.org/security_standards/vpa/
List of PIN Entry Devices:
https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html
 
Donald E. Hester
CISSP, CISA, CAP, PSP, MCT, MCITP, MCSE Security, MCSA Security, MCTS, MCDST, Security+, CTT+, MV
 
Brought to you by Maze & Associates, a leading Northern California Accounting Firm specializing in Municipal & Nonprofit Audit, Tax for individuals and all types of entities, Information System Audits, Security Reviews, as well as PCI Scans and certified training. Maze & Associates is a PCI ASV - Approved Scanning Vendor.
 
 
Disclaimer: The views expressed here are those of the author and do not represent those of Maze & Associates.

