Visa Issues New PABP


jbhall56
10-25-2007, 05:55 PM
Anyone have the inside scoop on why this was issued through Visa and not the PCI SSC? Or is this just an update to the PABP and the PCI SSC will still be issuing the draft PA-DSS in the near future? Just curious as to what is going on.

tcg
10-26-2007, 02:24 PM
Because the PABP has not yet been migrated to the PCIco - it is owned and administered by Visa... until it isn't anymore.

jbhall56
10-27-2007, 12:28 PM
What we heard in Toronto at the PCI Community Meeting was that the migration had started from Visa to the PCI SSC and the next issuance of the PABP would be the draft of the PA-DSS in October for comments with a release of the final version in December.

So, I was somewhat shocked when Visa made an announcement that the PABP had been updated.

sm1978
10-27-2007, 05:53 PM
Jeff - Visa did not roll out an update to the PABP. The best practices are still on version 1.4. Visa's latest push looks to be new compliance mandates for those using payment applications to adhere to the existing PABP requirements. Please see the article at Computerworld (search on Google for 'Visa payment application security mandates').

There is a set of dates that companies will need to abide by. The payment vendors will be pressured to produce secure products or be isolated in the market.

lyalc
10-28-2007, 02:52 PM
Does anyone have pointers to Visa content or specifics on the mandate?
e.g. What actions are required at what dates etc?

Thanks
lyalc

wconway
10-29-2007, 09:15 AM
Lyalc, check out my post on the Treasury Institute Blog http://treasuryinstitute.org/blog/index.php?itemid=61. I included a link that has the Visa release (and mandate dates) I think we are talking about. (BTW, I also put a link in the "time-line" thread in this forum).

lyalc
10-29-2007, 11:42 AM
Thank you, wconway

mdahn
10-30-2007, 11:35 PM
Also, check out:
http://pcianswers.com/2007/10/30/visa-payment-application-mandates-and-deadlines/

sm1978
11-07-2007, 02:19 PM
https://www.pcisecuritystandards.org/pdfs/11-07-07.pdf

fitch609
11-08-2007, 08:51 AM
My understanding is that the PABP/PA-DSS will be global in its reach, is that correct? My company is international and I want to make sure I plan accordingly.

jbhall56
11-08-2007, 09:12 AM
My understanding is that the PABP/PA-DSS will be global in its reach, is that correct? My company is international and I want to make sure I plan accordingly.

Yes and no.

It is my understanding that the Visa PABP is NOT an international standard; it only applies to Visa USA. Other card brands, though, have adopted the PABP process as a standard.

However, the PA-DSS will be an international standard as it will be part of the PCI SSC's standards. So, while it might not be official yet, I would plan ahead to follow the PA-DSS.

lyalc
11-11-2007, 05:05 PM
Just to expand slightly.
It's my understanding from recent discussion from local Visa reps that Visa PABP is intended to be mandated in Asia-Pacific around mid 2007, regardless of the status of PA-DSS at the time.
PABP may also be mandated in other regions by then as well.

Dates will probably be 12 months later than the US schedule already published by Visa.

As noted earlier, plan on either PABP or PA-DSS being relevant to you, regardless of location.

lyalc