The Wakefield, Mass.-based PCI Security Standards Council (PCISSC) revised its Payment Application Data Security Standard(PA-DSS) to address vulnerabilities in encryption protocols thatprimarily affect web servers and browsers that drive paymentterminals.

PA-DSS 3.1 aligns with the recent release of PCI Data SecurityStandard 3.1, which primarily addressed vulnerabilities in theSecure Sockets Layer (SSL) encryption protocol that can put paymentdata at risk. With this revision and supporting guidance, theCouncil urges organizations to understand if and how their paymentapplications are using SSL and upgrade to a secure version ofTLS.

“The vulnerabilities are so concerning that the PCI SecurityStandards Council went against their standard release process andmade an interim change to the PA-DSS standard,” Brad Cyprus, chiefof security and compliance at the Houston-based Netsurion (formerlyVendorSafe), a provider of secure networks, said. “The life cyclefor the standards is supposed to be three years, but the issueswith SSL (and early TLS) were so great in the opinion of the PCISecurity Standards Council that they made this drastic move toaddress what they believed to be an immediate threat to the paymentlandscape.”

Continue Reading for Free

Register and gain access to:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts.
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders.
  • Educational webcasts, white papers, and ebooks from industry thought leaders.
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).