The PCI Security Standards Council (PCI SSC) has revealed two new validation programs for payment software vendors to demonstrate their systems sufficiently protect payment data.
Under the Secure Software Lifecycle (Secure SLC) and Secure Software Programs, Software Security Framework assessors will evaluate vendors and their payment software products against the PCI Secure SLC and Secure Software Standards. Following this, the PCI SSC will list secure systems to aid merchants.
PCI SSC is adding these programs to its PCI Software Security Framework (SSF), a collection of standards and programs for the secure design, development and maintenance of existing and future payment software.
Validation through the Secure SLC Program illustrates that the software vendor has mature secure software lifecycle management practices in place to ensure payment software is designed and developed to protect payment transactions and data from attacks.
Approval under the Secure Software Program illustrates that the payment software product also has the necessary protocols in place to protect payment transactions and data from attacks.
PCI SSC COO Mauro Lance said, “These programs work together with the PCI Secure SLC and Secure Software Standards to help vendors address the security of both their development practices and their payment software products.
“We’re pleased to have the Secure SLC and Secure Software Programs documentation available now as the initial step towards providing the industry with validated listings of trusted payment software vendors and products under the PCI Software Security Framework,”
“In the meantime, PCI SSC recognizes that transitioning from PA-DSS to the Software Security Framework will take time, and we want to reassure PA-DSS vendors, PA-QSAs and users of PA-DSS validated payment applications that the PA-DSS Program remains open and fully supported until October 2022, with no changes to how existing PA-DSS validated applications are handled.”
Copyright © 2018 RegTech Analyst