Payment security compliance deadlines and revisions announced
Merchants should be aware of the pending payment industry deadline of July 1, 2010 related to the Payment Application Data Security Standards (PA-DSS).
Effective July 1, 2010, acquirers must ensure that merchants only use PA-DSS compliant applications.
What does this mean to merchants? If you are using old payment devices or software, you may need to upgrade. Merchants using point of sale register systems should inquire with their point of sale vendor about their compliance status if they have not already done so. Merchants should also review the information posted on the PCI Security Standards Council website at https://www.pcisecuritystandards.org/security_standards/vpa/ or on the Visa website at http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp.
PA-DSS is part of the overall Payment Card Industry Data Security Standard (PCI DSS) to protect account data in payment transactions. Unfortunately, there are no single-step solutions for PCI DSS compliance as security standards continually evolve based on industry feedback, real world security incidences and new emerging payment technologies like unattended payment terminals and EMV chips.
The last revision of the data security standard was in October 2008. According to Bruce Rutherford, chairman of the PCI Security Standards Council, a new iteration of the DSS is coming this year.
- Late April: New PIN transaction security (PTS) standard released (formerly PIN Entry Device (PED) Standard).
- October 2010: Next iteration of both PCI DSS and PA DSS released to public.
While many merchants are not deemed high risk, all merchants should follow best practices to comply with securing cardholder data. Remember; if you don’t need it, don’t store it. Please visit http://www.vantagecard.com/resources/PCI_Data_Security.html for additional information on PCI and compliance.