PCI Security Standards Council Publishes New Software Security Standards
Today, the PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework, which includes a validation program for software vendors and their software products and a qualification program for assessors. The programs will be launched later in 2019.
“Innovation in payments is moving at an incredible pace. Each advancement provides the industry the opportunity to develop applications more quickly and efficiently than before and to design software for new platforms for payment acceptance,” said PCI SSC Chief Technology Officer Troy Leach. “The new PCI Secure Software Standard and PCI Secure SLC Standard support this evolution in payment software practices by providing a dynamic way for developers to demonstrate their software protects payment data for the next generation of applications.”
PCI Software Security Standards expand beyond the scope of the Payment Application Data Security Standard (PA-DSS) for traditional payment software to address overall software security resiliency for modern payment software. Specifically:
- The PCI Secure Software Standard outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data.
- The PCI Secure SLC Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
These standards will replace the PA-DSS and listing when it is retired in 2022. In the meantime, there will be a gradual transition period for organizations with investments in PA-DSS. For more information on the new standards and the PA-DSS transition period, read PCI Perspectives blog post, Just Published: New PCI Software Security Standards .
The PCI Software Security Standards were developed with the input of a dedicated task force made up of payment card industry participants. PCI SSC Participating Organizations and assessors also reviewed and provided feedback on the standards via multiple request for comments (RFC) periods throughout the development process.
Steve Lipner, Executive Director of the Software Assurance Forum for Excellence in Code (SAFECode), participated in the PCI Software Security Task Force and said, “I was delighted to review the final version of the PCI Secure Software Lifecycle Standard. The document clearly reflects an adaptation of software security best practices to the needs of the payment card industry and its certification process and is well aligned with SAFECode’s principles and the concepts in SAFECode’s Fundamental Practices for Secure Software Development. I was particularly pleased to see the emphasis on integrating security into the software development process rather than attempting to assure security by after-the-fact testing.”
The PCI Secure Software Standard, PCI Secure SLC Standard, a supporting FAQ document, and a Glossary of Terms, Abbreviations, and Acronyms are available for download from the Document Library on the PCI SSC website.
About the PCI Security Standards Council
The PCI
Security Standards Council (PCI SSC) leads a global, cross-industry
effort to increase payment security by providing industry-driven,
flexible and effective data security standards and programs that help
businesses detect, mitigate and prevent cyberattacks and breaches.
Connect with the PCI SSC on LinkedIn.
Join the conversation on Twitter @PCISSC.
Subscribe to the PCI
Perspectives Blog.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190116005557/en/
Contact information
Mark Meissner
PCI Security Standards Council
+1-202-744-8557
press@pcisecuritystandards.org
Twitter
@PCISSC
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Svante Launches World's First Commercial Gigafactory for Carbon Capture & Removal Filters13.5.2025 23:50:00 EEST | Press release
Svante Technologies Inc. (Svante), a global leader in carbon capture and removal technologies, has officially completed the commissioning of its new Centre of Excellence for Carbon Capture and Removal – Redwood manufacturing Facility (Redwood) in Burnaby, British Columbia. This milestone marks the launch of the world's first gigafactory dedicated to producing commercial-scale carbon capture and removal filters designed to trap CO2 directly from industrial emissions and the atmosphere, and with the mindset of high-volume automation and product standardization to lower the manufacturing cost. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250513713072/en/ Claude Letourneau, President & CEO, Svante Group opens the Svante Grand Opening 2025 event, "GO25" with a speech about how to move the carbon management industry forward. This two-day event celebrates the commissioning of Svante's gigafactory in Vancouver, BC, Canada, which w
Svante and SAMSUNG E&A Sign Joint Development Agreement to Offer Digitally Enabled Skid-Mounted Modular Carbon Capture Plants13.5.2025 23:46:00 EEST | Press release
Svante Technologies Inc. (Svante) and SAMSUNG E&A announced today that they have signed a joint development agreement to jointly develop a set of standardized skid-mounted modular carbon capture plants based on Svante’s novel VeloxoTherm solid sorbent-based carbon capture filter technology, leveraging SAMSUNG E&A’s advanced digital solutions and modularization capabilities. The agreement was signed during Svante’s Grand Opening Event, which marked the commissioning of its new commercial filter manufacturing facility in Vancouver, Canada. This is the world’s first gigafactory for Svante’s filter technology, capable of producing enough filters to capture 10 million tonnes of CO2 annually. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250513282760/en/ Leaders of SAMSUNG E&A and Svante sign a joint development agreement at a private signing ceremony during Svante's Grand Opening Event in Burnaby, BC, Canada. The companies have
AWS and HUMAIN Announce Groundbreaking AI Zone to Accelerate AI Adoption in Saudi Arabia and Globally13.5.2025 19:09:00 EEST | Press release
Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), and HUMAIN, Saudi Arabia’s newly created company responsible for driving AI innovation across the Kingdom and globally, today announced plans to invest $5 billion-plus in a strategic partnership to build a groundbreaking “AI Zone” in the Kingdom. This first-of-a-kind AI Zone will bring together multiple innovative capabilities, including dedicated AWS AI infrastructure and servers with world-class semiconductors, UltraCluster networks for faster AI training and inference, AWS services like SageMaker and Bedrock, and AI application services such as Amazon Q to advance Saudi Arabia’s mission to be a world leader in AI. AWS previously announced and is currently building an AWS infrastructure region in Saudi Arabia that will become available in 2026. Amazon is investing US$5.3 billion (approx. 19.88 billion Saudi riyal) in Saudi Arabia to develop this new region for AWS. The new AI Zone announced today is an addit
Citco enters strategic partnership with GIC13.5.2025 18:05:00 EEST | Press release
The Citco group of companies (Citco) and GIC are pleased to announce that they have entered a long term, strategic relationship. As part of the relationship, GIC, a global institutional investor, has become a minority shareholder in Citco. The founding Smeets Family shall remain the majority shareholder in Citco. “Citco has organically grown into a global market-leading asset servicing business, delivering value to investors like GIC for over 50 years. Our investment aligns squarely with GIC’s commitment to building long-lasting partnerships that empower family-owned businesses to thrive. With a combination of client-centric solutions and savvy technological investments Citco is at the forefront of their industry. We look forward to partnering with Citco and the Smeets family as we embark on this new chapter together." – Girish Karira, Head of Integrated Strategies Group and Head, New York Office at GIC. “We look forward to continuing our strategic relationship with GIC. Their industry
Tigo Energy Resolves Multi-Year Patent Infringement Litigation With SMA13.5.2025 16:00:00 EEST | Press release
Tigo Energy, Inc. (NASDAQ: TYGO) (“Tigo” or “Company”), a leading provider of intelligent solar and energy software solutions, today announced that it has reached a multi-year settlement with SMA (SMA Solar Technology AG and SMA Solar Technology America LLC) over litigation regarding the infringement of Tigo intellectual property by SMA. The settlement concludes the infringement complaint brought by Tigo on July 11, 2022, Case No. 1:22-cv-00915 (D. Del.) alleging infringement of certain patents by SMA. Terms of the settlement will remain undisclosed. According to National Electric Code § 690.12, “Rapid Shutdown of PV Systems on Buildings” requires that PV system circuits “installed on or in buildings shall include a rapid shutdown function to reduce shock hazard for emergency responders.” Tigo rapid shutdown technology is compliant with UL 1741, the Standard for Safety for Inverters, Converters, Controllers and Interconnection System Equipment for Use With Distributed Energy Resources,
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom