PCI Security Standards Council (PCI SSC) releases PCI Secure Software Standard v1.2   

The PCI Security Standards Council (PCI SSC) is at the forefront of an international, cross-industry effort to strengthen payment security, offering industry-driven, adaptable, and efficient data security standards and programs that help businesses identify, mitigate, and prevent cyberattacks and breaches.

The PCI Security Standards Council (PCI SSC) today published version 1.2 of the PCI Secure Software Standard and its related program documentation. The PCI Secure Software Standard is one of two standards included in the PCI Software Security Framework (SSF). The standard and its security criteria help assure that payment software is designed, created, and maintained in a way that safeguards payment transactions and data, reduces vulnerabilities, and deters attacks.

Version 1.2 of the PCI Secure Software Standard introduces the Web Software Module, a set of supplemental security requirements created to address the most common security issues associated with the use of internet-accessible payment technologies.

The PCI Secure Software Standard is intended to provide a more adaptable method for testing the safety and integrity of payment software than the one now in use. The Web Software Module was developed to help software manufacturers and developers determine and implement appropriate software security controls to protect against common web software attacks.

The Web Software Module contains four high-level requirement categories:

  1. Documenting and tracking how payment software makes use of open-source software, third-party software components, and APIs.
  2. Managing access to payment processing software, application programming interfaces (APIs), and other vital resources.
  3. Defending against common web attacks.
  4. Securing the communications between the various components of web-based payment software.

With the release of the new Web Software Module as part of Secure Software Standard version 1.2, PCI's preliminary efforts to introduce the Software Security Framework have been successfully concluded. The next phase of development for the SSF will concentrate on providing further advice, improving the requirements that are already in place, and addressing emerging and developing payment technologies, threats, and attack methodologies.