GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Agents of change

News

Industry Update

Private label, public dilemma

Fed insures open loop cards

Reading Black Friday tea leaves

PCI help on the way

Boost online loyalty with new tales

Features

From restaurants to revenue streams

The archetype in the mirror

The archetype in the mirror

The archetype in the mirror

The archetype in the mirror

ISOMetrics:
The spend of Holidays past

Views

Consumers' new mantra: Shop smart

Patti Murphy
The Takoma Group

Embracing PA DSS compliance

Dave Faoro
VeriFone

Gear up now for PCI PED compliance

Biff Matthews
CardWare International

The case for collecting fees

Ken Musante
Humboldt Merchant Services

The case for collecting fees

Ken Musante
Humboldt Merchant Services

Education

Street SmartsSM:
E-commerce essentials

Jason Felts
Advanced Merchant Services

Shifting focus for 2009

Christian Murray
Global eTelecom Inc.

Recruiting top college grads

Curt Hensley
CSH Consulting

A little analysis, significant rewards

Jeff Fortney
Clearent LLC

Looking beyond PCI

Tim Cranny
Panoptic Security Inc.

Preparing risk departments for the holidays

Deana Sellens
Take Charge Business Consulting LLC

10 ways to prevent credit card loss

Gino Kauzlarich
MerchantService.com

Company Profile

On-line Strategies Inc.

New Products

Lift that tradeshow burden

Rotolift
Jelco Inc.

POS in a box

HP rp3000 POS bundle
Hewlett-Packard Co. LP

Inspiration

Ditch the holiday roller coaster

Miscellaneous

POScprit

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

December 08, 2008  •  Issue 08:12:01

previous next

PCI help on the way

The Payment Card Industry (PCI) Security Standards Council (SSC) launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). The program is intended to promote reliable interpretation of the PCI DSS and ensure quality among all vendors.

The PCI SSC, managing body for the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application (PA) DSS, developed the plan in response to industry input.

"Feedback from the council's participating organizations and others made it clear that the assessment process for the PCI standards would benefit greatly from more rigorous guidelines," said Bob Russo, General Manager for the PCI SSC. "As a result, we created a clear-cut program that will help ensure all those involved in this process are consistent, credible, competent and ethical."

The new program will provide QSAs and ASVs a set of requirements to help ensure consistent, quality validation and assessment services to merchants and financial institutions.

Necessary guidance

Glen Boyet, Director of Marketing and Communications for the PCI SSC, said the PCI SSC took "an important step to ensure a level playing field for merchants and service providers who use outside assistance in their PCI DSS compliance efforts."

Through the program's eight guiding principles, the PCI SSC and assessor community commit to:

Responsible oversight

An expanded range of communication channels will allow the PCI SSC to interact with assessors, merchants and service providers on an ongoing basis through certification reviews, credit checks, training, educational webinars, newsletters, e-mail, question and answer documents, informational supplements and feedback forms. To retain the ability to conduct PCI assessments, QSAs and ASVs registered with the PCI SSC must participate in the program.

PCI SSC staff will validate assessor application and renewals, ensure that training is relevant and accessible to organizations and maintain the integrity of the testing process. The PCI SSC team will be responsible for monitoring and overseeing the program, including taking disciplinary action when necessary. The program will be rolled out in four stages in 2009.

A webinar designed for merchants and service providers who are implementing the PCI DSS and want to better understand the changes brought about with version 1.2 (released October 2008) was presented Nov. 25, 2008.

The session will address key elements of PCI DSS version 1.2 and what it means for any organization's compliance efforts. For more information on the PCI SSC and becoming a participating organization, please visit http://www.pcisecuritystandards.org, or e-mail participation@pcisecuritystandards.org.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems