A Tribute to a Foundational Standard | Tech Ex


On October 28, 2022, the PCI Security Standards Council (PCI SSC) formally withdrew its Payment Application Data Security Standard (PA-DSS). As one of the first standards and programs of its kind, PA-DSS laid the foundation for software security in the payment industry and served the needs of that industry for more than 14 years.

As the needs of the payment industry have evolved, so has the approach to software security standards. An innovative approach, the PCI Secure Software Standard, was needed to support modern payment software architectures and software development methodologies, and to protect payment software from increasingly complex software attacks.

As we move forward with the next evolution of payment software security through the PCI Software Security Framework, the Council would like to take this moment to honor PA-DSS, one of the original and foundational payment security standards of the organization and industry.

In this video tribute, current and former employees of the PCI Security Standards Council say goodbye to PA-DSS and reflect on what the standard has meant to them over the past 14 years.

The video features two employees who were instrumental in the development and implementation of PA-DSS and its program in 2008: former Council General Manager Bob Russo (now retired) and PCI SSC Technical Working Group Chair Lauren Holloway (now PCI SSC Director of Data Security Standards).

Also featured in the video:

  • Marc Bayerkohler, Standards Trainer, PCI SSC
  • Brandy Cumberland, Director of Program Quality, PCI SSC
  • Elizabeth Terry, Senior Community Engagement Manager, PCI SSC
  • Tom White, Senior Manager of Content Development, PCI SSC

History

PA-DSS, introduced on April 15, 2008, was previously created by Visa Inc. and known as Payment Application Best Practices (PABP). It was created to help software vendors and others develop secure payment applications that do not store prohibited data and that support PCI DSS (Data Security Standard) compliance.

Payment applications that adhered to PA-DSS minimized the potential for security breaches and resulting fraud. Other components of the PA-DSS program were implemented following the publication of the standard, including the requirements and training program for PA-QSAs (Payment Application Qualified Security Assessors) and, eventually, the publication of a list of validated payment applications.

Supported by all five of PCI's participating payment brands at the time (American Express, Discover, JCB International, Mastercard, and Visa Inc.), PA-DSS helped the PCI Security Standards Council fulfill its strategic mission: to develop and maintain global, industry-wide security standards for the protection of payment account information throughout the life cycle of the payment transaction.

PA-DSS was transformational for both the Council and the industry. With the Council's adoption of PA-DSS, there was now a single entity managing global standards and simplifying requirements related to payment data security, including PCI DSS and PCI PED (PIN Entry Device) security requirements. By adopting PA-DSS, the Council established a common foundation for the widespread adoption of secure payment applications.

On behalf of all of us on the Board, we thank you, PA-DSS, for serving the industry well, and congratulations on your well-deserved retirement!

The future: the Software Security Framework

In January 2019, PCI SSC published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard are part of the PCI Software Security Framework (SSF), which includes a validation program for software vendors and their software products and a qualification program for assessors.

The PCI Secure Software Standard expands on key payment application and data security principles first introduced in PA-DSS, and is designed to support a much larger set of payment software architectures, features, and development methodologies.

The PCI Secure SLC Standard provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place.

To learn more about how the PCI Software Security Framework relies on PA-DSS to drive payment software validation, visit our blog posts:

Anyone interested in learning more about the Software Security Framework standards is encouraged to attend the SSF Knowledge Training. New this year, the knowledge training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to go through the same training and exam as the assessor. Knowledge training is available for both the Secure Software Lifecycle Guide (Secure SLC) course and the Secure Software Guide course.


PCI SSC offers PA-DSS vendors a special discount for knowledge training in 2023. If you are a PA-DSS vendor, please contact your PA-DSS program administrator for details on how to take advantage of this special offer.

Also on the blog: Watch and learn all about knowledge training

Register for Software Security Framework Knowledge Training
