WAKEFIELD, Mass., 07 December 2022 — Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks.
Version 1.2 of the PCI Secure Software Standard introduces the Web Software Module, a set of supplemental security requirements to address the most common security issues related to the use of internet-accessible payment technologies.
“The PCI Secure Software Standard is designed to offer a more flexible approach to how we test the security and integrity of payment software,” said Emma Sutcliffe, SVP Standards Officer, PCI Security Standards Council. “The Web Software Module was introduced to aid software vendors and developers in identifying and implementing appropriate software security controls to protect against common web software attacks.”
There are four high-level requirement areas included in the Web Software Module:
“The introduction of the new Web Software Module as part of the Secure Software Standard v1.2 marks the end of our initial efforts to launch the Software Security Framework,” said Andrew Jamieson, VP Solution Standards, PCI Security Standards Council. “The next phase of SSF development will focus on providing additional guidance, enhancing existing requirements, and addressing new and evolving payment technologies, threats, and attack techniques.”
The following documents are now available in the PCI SSC Document Library:
Updates to the Secure Software Report on Validation (ROV) and Attestation of Validation (AOV) associated with the v1.2 release are expected to be published in Q1 2023.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information: bankcardlife.com?orid=33533&opid=1 .
Source: Company press release.
FastSpring, EBANX expand Pix Payments for Brazil market
Relay available for payments at 2,200+ CAT scale locations
Finastra reimagines mobile banking software
Quickcharge, Amazon Just Walk Out tech power hospital cafe
New LexisNexis True Cost of Fraud Study released
Alkami reports on digital banking performance
Valuedynamx, Expedia driving 20% growth
Zafin announces strategic CEO transition