Guide to PCI Application Security Compliance for Merchants and Service Providers
Triggered by a number of security breaches and concerns over the abuse and theft of credit card data, major credit card companies including American Express, Discover, JCB, Master Card and Visa formed the PCI Security Standards Council (PCI SSC) in September 2006. The PCI Data Security Standard (PCI DSS) delineates requirements that vendors must meet in order to conduct business transactions using payment cards. New PCI requirements that specifically focus on application security become mandatory by June 2008. With their own brands at risk, merchants and service providers must secure their applications from potential vulnerabilities to comply with PCI standards.