Visa, MasterCard to unveil new security rules

[lyger <lyger () attrition org>]

http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001637

By Jaikumar Vijayan, July 07, 2006


Visa U.S.A. Inc. and MasterCard International Inc. will release new 
security rules in the next 30 to 60 days for all organizations that handle 
credit card data, a Visa official said this week.

The rules will be the first major updates to the one-year-old Payment Card 
Industry (PCI) data security standard, which analysts said is slowly but 
surely being adopted.

One set of PCI extensions is aimed at protecting credit card data from 
emerging Web application security threats, said Eduardo Perez, vice 
president of corporate risk and compliance at Foster City, Calif.-based 
Visa. Other new rules will require companies to ensure that any third 
parties that they deal with, such as hosting providers, have proper 
controls for securing credit card data.

Merchants who fail to comply with PCI can face fines or be excluded from 
processing credit cards.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/