The PCI Security Standards Council has announced its intention to create a new data security standard known as the Payment Application Data Security Standard (PA-DSS).

The PCI Council’s mandate is to help foster adoption of PCI (payment card industry) Standards. The PA-DSS will become the new standard for best practices in the industry and is being supported by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa.

PA-DSS is aimed at helping companies eliminate unnecessarily-stored libraries of customer information in payment systems. The standard will help developers of payment applications to eliminate features that have led to unnecessary data storage. PA-DSS is working with application developers to improve programs and will then enforce the adoption of the standard by the Payment Card Industry.

The PA-DSS is currently drafted and expected to be approved early in 2008. This is a proactive move to minimize the risk for data breaches and resulting identity theft.

Bob Russo, general manager for PCI Security Standards Council, notes:

“As criminals become more sophisticated and payment application vulnerabilities are realized by our membership, we must ensure that all components of the payments process are subject to rigorous standards that are supported by all of the global payment card brands with a single goal in mind: to protect cardholder data and combat fraud.”

Read more on PA-DSS here / Read the PCI Council statement here.

Via infoworld Tags: pci, pci standards, pci council, payment standards, data breach, data retention, data storage, payment applications, data security