Home page logo

isn logo Information Security News mailing list archives

Critiquing the New Version of PCI-DSS
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 11 Nov 2013 06:31:31 +0000 (UTC)


By Tracy Kitten
Bank Info Security
November 8, 2013

Security experts say they're pleased with many of the changes and additions in this year's update to the Payment Card Industry's Data Security Standard and the Application Data Security Standard. But they also note some glaring omissions and express concern that neither standard has much enforcement action behind it.

What they like about version 3.0 of the two standards, the first update since 2010, is the greater emphasis on third-party and payments processing risks and more stringent security requirements for payment application developers. What they don't like, however, is the update's lack of security requirements for mobile payments and specific strategies for governance of ongoing risk assessments and compliance enforcement.

The new version of the two standards were issued Nov. 7, but they don't take effect until January and they won't be enforced until 2015 (see PCI Update: Focus on Third-Party Risks).


Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/

  By Date           By Thread  

Current thread:
  • Critiquing the New Version of PCI-DSS InfoSec News (Nov 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]