IT Security Guru
Understanding PCI SSF compliance standards and its benefits

A guide to the new framework to secure modern payment software

by Narendra Sahoo
September 21, 2020
in Insight

The PCI Security Standards Council (PCI SSC) has released a new framework, the PCI Software Security Framework (SSF), to secure modern payment software. The framework is a collection of standards and programs built to secure the design and development of payment software. With the introduction of the SSF, the existing standard, PA-DSS (Payment Application Data Security Standard), will soon be phased out. In other words, the SSF replaces PA-DSS with modern requirements that support a wide range of payment software types, technologies, and development methodologies. It is a new approach that supports both existing and future payment software and extends beyond the limits of PA-DSS to address overall software security resiliency.

The PCI SSF Standards

The PCI Software Security Framework is based on two standards, namely the Secure Software Standard and Secure Software Lifecycle Standard.

Secure Software Standard

Validation of payment software against the Secure Software Standard (S3) assures that the software is designed to protect its own integrity and the confidentiality of the sensitive data it captures, stores, processes, and transmits. This standard typically applies to:

  • Software products that are involved in, directly support, or facilitate payment transactions and that store, process, or transmit data.
  • Software products developed by a vendor and sold commercially to multiple organizations.

Secure Software Lifecycle Standard

Validation of payment software against the Secure Software Life Cycle Standard assures that the vendor’s software development lifecycle processes, procedures, and practices comply with the PCI Secure SLC Standard. This standard applies to:

  • All vendors who develop payment software.

Purpose of Introducing the PCI Software Security Framework as a Replacement for PA-DSS

The PCI Software Security Framework is a blend of traditional and modern software security requirements. It supports evolving technologies, software types, and development methodologies. The new framework was designed and implemented with the aim of promoting highly objective-oriented security practices that support both the traditional methods of good application security and the latest development practices. It was introduced to ensure that vendors can benefit from the best of both worlds and implement the measures that best secure their systems.

Transition from PA-DSS to PCI SSF

For a smooth transition from PA-DSS to PCI SSF, the PCI Council will continue to support PA-DSS validated applications through the end of October 2022. It has clearly stated that existing PA-DSS validated applications will remain on the “List of Validated Payment Applications” until their expiry dates, with the assurance that users will not be affected. By the end of October 2022, the PCI Software Security Framework will replace PA-DSS and its listings. With this transition, payment applications will be validated against PCI SSF after the retirement of PA-DSS in 2022. The new framework gives software vendors flexibility and facilitates better alignment of secure application development with industry standards.

Benefits of PCI SSF Compliance

The Payment Card Industry Security Standards Council developed the new SSF framework to provide flexibility to software vendors and to align payment software development with industry best practices for security. Unlike PA-DSS, the SSF supports multiple security efforts and initiatives that focus on secure design and development. Here is how PCI SSF compliance benefits customers, vendors, and merchants in general:

  • SSF compliance facilitates a modular assessment architecture and approach, creating more flexibility.
  • Adhering to the PCI Software Security Framework will help reduce the risk of penalties and data breach complications.
  • Compliance assures that appropriate security and protection mechanisms are in place to secure the card data environment.
  • It ensures that critical assets are protected and further strengthens the implementation of access controls.
  • It provides assurance that organizations are meeting their legal obligations.
  • It gives customers confidence that the organization has put in the effort to secure its environment and protect their data.
  • Compliance with the SSF means that a risk management process and business continuity plans are in place.
  • Compliance with the SSF ensures protection against emerging security threats and adaptation to any changes in the applicable regulatory standards.

Final Thoughts

While the transition from PA-DSS to PCI SSF may seem challenging, in reality it will not disrupt your compliance efforts. In fact, PCI SSF gives software developers additional flexibility to incorporate payment application security in line with current industry-accepted practices. Moreover, as mentioned earlier, to make the transition hassle-free for stakeholders, the PA-DSS and SSF programs will run in parallel, with the PA-DSS program continuing to operate as it does until its expiry date. Having said that, we personally feel that the decision to introduce a new framework is for the good of society and for the benefit of customers and vendors. The introduction of PCI SSF should therefore be viewed positively by all stakeholders.

Contributed by Narendra Sahoo, Director, VISTA InfoSec
