Archive for October 13, 2006

The Impact of Payment Card Industry Security Requirements on Payment Software Applications

There is a great article in today’s edition of InfoWorld that talks about how the new credit card security requirements will have “repercussions across the entire high-tech industry,” according to writer Ephraim Schwartz. He specifically talks about how Visa’s Payment Application Best Practices (PABP) “will quickly turn into de facto VISA requirements, as users of the software, such as merchants or card processors, face stiff fines for using noncompliant software.”

Visa mandates that, as a merchant, it is your responsibility to use software applications that are PABP compliant. In fact, your merchant services agreement likely has already been revised with such language. However, simply choosing an application from the list does not satisfy the PCI Data Security Standards: the entire environment must be compliant, not just the application. This means that the server and the entire network on which the payment application resides must comply with all of the PCI DSS.

Alternatively, merchants can outsource their payment processing to a Service Provider that has been recognized as fully PCI compliant by being included on Visa’s List of Compliant Service Providers.
