PCI Council announces card production security standards

The PCI Security Standards Council (PCI SSC) has announced the publication of a new standard for secure payment card production.

The PCI SSC is the body responsible for developing and promoting the payment card industry data security standard, better known as the PCI DSS.

The new standard for secure payment card production may interest businesses looking to improve their level of PCI compliance, which is an essential factor for any enterprise that handles and stores customer payment data.

The new standard comprises two sets of requirements: the PCI Card Production Physical Security Requirements and the PCI Card Production Logical Security Requirements.

The physical security requirements address the presence, movement and accountability of cards, while the logical security requirements address threats to confidential data and cryptographic key management.

Vendors are now able to use these two sets of requirements as a comprehensive resource for the secure production of payment cards, covering manufacturing, chip embedding, magnetic-stripe encoding, embossing, card personalisation, chip initialisation and chip personalisation.

Previously, each of these factors in the manufacturing and production process had been managed separately by various payment card brands.

However, with the publication of this new standard the PCI SSC has been able to consolidate these individual requirements into a single standard that can be followed by the industry as a whole – resulting in greater consistency when it comes to the protection of payment card data.

The standard, which was developed after close consultation with members of the PCI community, is aimed at securing the components and data involved in card production and protecting against the "fraudulent use" of cards.

"There are a lot of pieces involved in securely producing payment cards, from design all the way through delivery," PCI SSC general manager Bob Russo said in a May 9 statement.

"The publication of these requirements gives card vendors one set of criteria to follow, and as we've seen with our other standards, will help drive improved security across the payments chain."

If your organisation handles customer payment card data, it's critical to ensure that this sensitive information is adequately protected.

A breach in security can have lingering consequences for the customer relationship, so it's important that your vulnerability management policies are as robust as possible.

A trusted security solutions provider can help guide you through the PCI compliance process, ensuring that your policies are up to date with current procedures.
