PCI Security Standards Council Takes On Credit Card Security Threat


In response to research suggesting that many of the security breaches involving credit and debit cards are caused by vulnerabilities introduced during installation and support of the enabling applications, the PCI Security Standards Council has rolled out a new education and certification program for channel partners.

In its 2012 Global Security Report, Trustwave claims that 76 percent of the breaches investigated in 2011 were caused by errors committed during implementation, configuration and support of payment applications by channel partners and similar third parties.

In an effort to reinforce the security of cardholder data, the PCI Security Standards Council, a global standards body that oversees the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), has announced a new certification program that provides a stamp of approval for channel organizations and field engineers/technicians who work with these validated applications.

This initiative is the outcome of a special task force of merchants, acquirers, payment software vendors and other interested parties looking for a strategy to resolve the vulnerability.

Training for the PCI Qualified Integrator and Reseller (QIR) program is expected to begin in late summer, according to Bob Russo, general manager of the Council.

“We're going to create the certification, which includes about a day’s worth of training on how to install these things securely, how to make sure they are secure, and how to make sure that you're making the merchant aware of their responsibilities as pertains to security,” explained Russo to CRN. “We will qualify companies that do these installations, and then we are going to train their people who will then become individually certified. Those certifications will be listed on our website so the retailer can see that the stamp of approval is present.”

The curriculum will be presented online, culminating in an examination through which the certification will be awarded. Intervals for renewal have not yet been determined.

“Unfortunately, this is a need that needs to be addressed,” added Russo. “And we feel that more education will help to make sure that the payment chain is secure.”

Founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has over 600 participating organizations representing merchants, banks, processors and vendors worldwide.