PCI Council announces card production security standards

May 15, 2013

The PCI Security Standards Council (PCI SSC) has announced the publication of a new standard for secure payment card production.

The PCI SSC is the body responsible for developing and promoting the payment card industry data security standard , better known as the PCI DSS .

The new standard for secure payment card production may interest businesses looking to improve their level of PCI compliance , which is an essential factor for any enterprise that handles and stores customer payment data.

The new standard is comprised of two sets of requirements, the PCI Card Production Physical Security Requirements and the PCI Card Production Logical Security Requirements.

The physical security requirements address the presence, movement and accountability of cards, while the logical security requirements address threats to confidential data and cryptographic key management.

Vendors are now able to use these two requirements as a comprehensive resource for the secure production of payment cards, covering everything from manufacturing, chip embedding, magnet-stripe encoding, embossing, card personalisation, chip initialisation and chip personalisation.

Previously, each of these factors in the manufacturing and production process had been managed separately by various payment card brands.

However, with the publication of this new standard the PCI SSC has been able to consolidate these individual requirements into a single standard that can be followed by the industry as a whole – resulting in greater consistency when it comes to the protection of payment card data.

The standard, which was developed after close consultation with members of the PCI community, is aimed at securing the components and data involved in card production and protecting against the "fraudulent use" of cards.

"There are a lot of pieces involved in securely producing payment cards, from design all the way through delivery," PCI SSC general manager Bob Russo said in a May 9 statement.

"The publication of these requirements gives card vendors one set of criteria to follow, and as we've seen with our other standards, will help drive improved security across the payments chain."

If your organisation handles customer payment card data, it's critical to ensure that this sensitive information is adequately protected.

A breach in security can have lingering consequences on the customer relationship, so it's important that your vulnerability management policies are as robust as possible.

A trusted security solutions provider can help guide you through the PCI compliance process, ensuring that your policies are up to date with current procedures.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *