In Las Vegas, Nevada, last week, the security requirements of the payments industry could be getting ready to undergo a major change. This is because the PCI Security Standards Council has just wrapped up meetings that will lead to the third version of the Payment Card Industry’s DDS and the Application Data Security Standard, which will be revealed in November.
A recent article from Bank Info Security featured an interview with Bob Russo and Troy Leach, two members of the PCI Security Standards Council.
According to Russo, many of the changes coming down the pipeline came out of feedback from board members as well as the industry as a whole. Key discussion areas include passwords and authentication requirements.
Leach added that a big focus was on merchant and point-of-sale security. He pointed out that merchants have experienced breaches when it comes to default passwords for POS software and hardware, and confusion when it comes to emerging technology like mobile and cloud based payment options.
“We continue to see attacks directly against merchants using malware, and they’re usually using two or three forms of malware in order to create the compromise,” Leach said. “Malware will continue be a heavily emphasized point by the council.”
Any merchant will need to pay attention when the official version of the new standards are put out later this year. With the help of a payment services provider, any company can make sure it stays updated on the latest security requirements and does’t fall behind.