PABP is now officially PA-DSS
I have frequently discussed application security on this blog; the category link to the right collects several of those posts.
As was initially reported in November, PABP (Visa's Payment Application Best Practices) has been rolled up into a new standard managed by the PCI Security Standards Council. The new standard is known as PA-DSS (Payment Application Data Security Standard).
The press release on the PCI Security Standards Council website is rather interesting to read. Of particular note is this quote:
"Many merchants and retailers rely on third-party software vendors for applications that run payment processing," said J. Joseph Finizio, Executive Director, Retail Solutions Providers Association. "Having the Council manage a globally-recognized list of validated payment applications will make it easier for merchants of all sizes to select validated payment applications that are accepted by all the major payment brands, ensuring that cardholder data continues to be secure."
What does it mean?
In short, recognition of the importance of security in commerce applications sold to market has driven the adoption of a single, common security standard. Perhaps more importantly for developers, validated applications will now be recognized as such on a list that the Council maintains and that all the major payment brands accept.
In the past, certification and compliance (PABP validation) was treated as a "nice to have" or a "selling point." With the increased focus on security, compliance will become a necessity rather than a feature. As such, vendors will need to partner appropriately to address security issues within their commerce applications.
If you would like more detailed information about the announcement, I highly recommend the "PCI Blog - Compliance Demystified" as a source that covers this change in great detail.
What’s your perspective? Agree? Disagree? Anything to add? Critiques?
April 16, 2008