Retail Technology
Council to provide secure payment application installation training to support PCI DSS compliance


The Payment Card Industry Security Standards Council (PCI SSC) is targeting payment applications with a new training and certification programme.

 

The standards body this week said it plans to train and certify payment software integrators and resellers on the secure installation and maintenance of validated Payment Application Data Security Standard (PA-DSS) applications in merchant environments, in support of PCI DSS compliance.

 

This new PCI Qualified Integrators and Resellers (QIR) programme is planned for rollout online over the coming months, with training set to begin late this summer. The council also said a global list of PCI Qualified Integrators and Resellers will be available later this year.

 

Safeguarding third-party support

 

In its 2012 Global Security Report, Trustwave reports that 76% of the breaches investigated in 2011 were a result of security vulnerabilities introduced by a third party responsible for system support, development and/or maintenance of business environments.

 

The report identified errors introduced by third parties during the implementation, configuration and support of PA-DSS validated payment applications in merchant environments as a significant risk to the security of cardholder data. Specifically, it identified small businesses in the food and beverage industry that rely heavily on outsourcing as particularly vulnerable, making up the bulk of the compromises.

 

To help address this security challenge, merchants, acquirers, payment software vendors and card brands participated in a PCI Council taskforce to evaluate market needs and make recommendations on how to address them.

 

Boosting card security compliance

 

The council said the resulting QIR programme and global integrators and resellers list will give integrators and resellers that sell, install and/or service payment applications on behalf of software vendors or others the opportunity to receive specialised training and certification on installing and maintaining validated payment applications securely in merchant environments, in a manner that supports PCI DSS compliance.

 

“This programme comes as a direct result of industry feedback and stakeholder requests for greater quality assurance and accountability around the secure installation of payment software,” said Bob Russo, PCI Security Standards Council general manager. 

 

“Not only will it help integrators and resellers better understand how to address some of the basic security flaws we’re seeing that can be easily avoided, but it will also make it easier for merchants to have confidence in the services being provided to them. Retailers and franchise operators alike will have a go-to resource they can trust for making sure their applications and systems are being installed and maintained properly.”

 

Those interested in participating in the programme can visit https://www.pcisecuritystandards.org/qir or contact qir@pcisecuritystandards.org with questions.