About
Many of you have recently been added to our PCI, Compliance, Security and GRC newsflash. This is informational news on the latest changes to PCI regulations and other IT Governance updates that we will be providing to all of you periodically.
PCI SSC clarifies Penetration Testing Requirement 11.3
Requirement 11.3 of the PCI DSS addresses penetration testing. A penetration test is quite different from the external and internal vulnerability assessments mentioned in Requirement 11.2. Those assessments simply identify and report vulnerabilities, whereas a penetration test attempts to exploit such vulnerabilities in order to determine whether any unauthorized access or other malevolent activity is possible.
The Transition Procedures from PABP to PA-DSS
Payment Application Best Practices (PABP), the guideline for payment application vendors, has been tailored into a new security standard: Payment Application Data Security Standard (PA-DSS).
Payment Application Qualified Security Assessors (PA-QSAs) use certain Transition Procedures, wherever appropriate, to transition an application from VISA's list of PABP Validated Payment Applications to the PCI SSC list of PA-DSS Validated Payment Applications.
To know more about these procedures, please click here.
PCI Council incorporates PIN PED requirements
The PCI Council has designed PIN Entry Device (PED) Requirements to ensure that Personal Identification Number (PIN)-based transactions conducted globally are totally secure. These requirements apply to all devices that accept PIN entry for any PIN-based transactions. Besides taking over the responsibility of PED Security Requirements, the PCI Council also maintains the listing of all approved devices and supporting documents for device makers looking to ensure that their equipment meets these key standards. By doing this, the Council provides merchants and service providers with a single information source on PED equipment that can be used immediately. To see the PED Requirements and to check the list of approved PIN devices, please click on the related links: Requirements; Approved Devices