The PCI Security Standards Council (PCI SSC) has released a new version of its data security standard for payment software, the Payment Application Data Security Standard (PA-DSS) version 3.2, to address growing threats to customer payment data.
Payment application vendors use the PA-DSS to ensure their software products will protect payment card data from theft.
The PA-DSS Validated software is used by merchants and other businesses globally to ensure they can safely accept payments, both in-store and online. It also supports businesses in their efforts to secure payment card data throughout their systems and networks, which is required by the more comprehensive PCI Data Security Standard (PCI DSS).
PCI Security Standards Council chief technology officer Troy Leach said: "We continue to see how failure to properly configure and patch payment applications exposes organizations to attacks that lead to mass data compromise.
"That’s why in addition to updating PA-DSS to support PCI DSS 3.2, we’ve added more guidance to help integrators, resellers, and others implementing payment software to configure it properly and protect payment account data."
Important changes in PA-DSS 3.2 include clarifications to existing requirements and updating requirements to align with PCI DSS v3.2.