Payment Card Industry Mandate Stresses Importance of Web Application Security

On June 30, another refresh of the Payment Card Industry (PCI) Data Security Standards (PCI DSS) will upgrade Web application security testing from a best practice to a mandatory practice. The deadline forces merchants and vendors to take a closer look at application-layer security and emphasizes its importance in fighting increasing online threats.

The Payment Card Industry Data Security Standards were developed by the five leading payment card brands – American Express Co., Visa International, MasterCard Worldwide, Discover Financial Services LLC, and Japan-based JCB International Credit Card Co. Ltd - now organized as the PCI Security Standards Council, to ensure the protection of consumer credit card information and to set a global standard for security.

Customer trust is critical to a company’s bottom line, particularly when the company relies on e-commerce and online credit card transactions, and privacy and security issues are a real concern for today’s consumer. In fact, it was the onslaught of highly publicized breaches and identity theft scams that prompted the credit card companies to establish the PCI Data Security Standards in the first place, as a means to protect card members’ confidential information.