The payment application data security standard (PA-DSS) has been updated to help businesses better install, update, and patch their hardware. The guides are a global effort by Visa, Mastercard, and American Express to improve the shabby state of electronic payments around the world through the implementation of baseline security standards around credit cards. Critical changes in version 3.2 of the PA-DSS include clarifications to existing requirements that align the document to the payment card industry data security standard (PCI DSS).
It also includes detailed instructions for vendor products that help with configuration in line with PCI DSS. Those reading will have better information for patching and protecting troubleshooting debugging logs that can be exploited during a compromise.
Security standards council chief technology officer Troy Leach says the guide is critical to payment security. “We continue to see how failure to properly configure and patch payment applications exposes organisations to attacks that lead to mass data compromise,” Leach says.
“That’s why in addition to updating PA-DSS to support PCI DSS 3.2, we’ve added more guidance to help integrators, resellers, and others implementing payment software to configure it properly and protect payment account data.”
