WAKEFIELD, Massachusetts, November 7 /PRNewswire/ --

- Visa's Payment Application Best Practices Program Migrates to Council

The PCI Security Standards Council, an open standards body providing management of the global PCI Data Security Standard (PCI DSS) and PCI PIN Entry Device (PED) Security Requirements, today announced that it is adding a new standard for payment application software. The new standard, called Payment Application Data Security Standard (PA-DSS), is based on Visa's Payment Application Best Practices (PABP). A preliminary draft of this standard has been distributed to the Council's Board of Advisors, Participating Organizations, Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) for their feedback. The Council will incorporate this feedback and publish a final version of the PA-DSS in the first quarter of 2008.

Visa created the PABP to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 and PIN data, and that support compliance with the PCI DSS. Applications developed internally by merchants and others are not subject to PCI PA-DSS but are subject to PCI DSS. Approximately 200 products used by a large number of merchants around the globe have already been validated against Visa's PABP, and this number is expected to continue growing with the Council's adoption of PA-DSS. Payment applications adhering to the PA-DSS will minimize the potential for security breaches and the resultant fraud.

"With the PA-DSS managed by the Council, we will ensure that payment application providers and their products are subject to data security requirements consistent with the current PCI Data Security Standard," said Bob Russo, general manager, PCI Security Standards Council. "As criminals become more sophisticated and payment application vulnerabilities are realized by our membership, we must ensure that all components of the payments process are subject to rigorous standards that are supported by all of the global payment card brands with a single goal in mind: to protect cardholder data and combat fraud."

Payment application vendors are encouraged to join the PCI Security Standards Council as Participating Organizations and provide feedback on the PA-DSS. Other components of the PA-DSS program will be rolled out following the publication of the standard, including the requirements and training program for QSAs, and ultimately, the publication of a list of validated payment applications.

The PA-DSS is endorsed by all five global payment card brands: American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. With PA-DSS, the PCI Security Standards Council is meeting its strategic mission to develop and maintain global, industry-wide security standards for the protection of payment account information over the entire payment transaction lifecycle. With the Council's adoption of the PA-DSS, there is now a single entity managing global standards and streamlining requirements related to payment card security, which includes the PCI DSS and the PCI PED Security Requirements. By adopting the PA-DSS, the Council establishes a common foundation for widespread adoption of secure payment applications.

The Council has also made available to the general public a list of frequently asked questions regarding PA-DSS and the migration of the Visa PABP to the new standard. This can be found on the Council's Web site at https://www.pcisecuritystandards.org/about/faqs.htm#pa-dss.

For More Information:

If you would like more information about the PCI Security Standards Council or would like to become a Participating Organization, please visit pcisecuritystandards.org or contact the PCI Security Standards Council at info@pcisecuritystandards.org.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of the PCI Data Security Standard and other standards that increase payment data security.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. and has approximately 300 participating organizations. The Council provides a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the Data Security Standard. Merchants, banks, processors and vendors are encouraged to join as Participating Organizations.

Media Contacts:

Glenn R. Boyet, PCI Security Standards Council, +1-617-876-6248, gboyet@pcisecuritystandards.org

Ella Nevill or Matthew Mors, Text 100 Public Relations, +1-212-331-8410 (Eastern U.S.), +1-206-267-2004 (Western U.S.), pci@text100.com

Web site: https://www.pcisecuritystandards.org
