PCI Security Standards Council Statement On Malware
WAKEFIELD, Mass., April 29, 2008 — PCI SSC has recently received several inquiries regarding
how the PCI Data Security Standard (DSS) addresses malicious software threats against cardholder
data. The DSS does clearly address protecting systems and networks from these new threats.
The PCI DSS, if properly implemented on a merchant's or service provider's network, provides
the security controls necessary to prevent hackers from penetrating a payment environment and
installing malicious software that would jeopardize the protection of card data as it is being
processed. The Standard provides for a host of mitigating controls including properly configuring
firewalls, changing vendor defaults and passwords, encrypting the transmission of sensitive
cardholder data across public networks and regularly updating anti-virus protections. Adhering to the
Standard provides protection against hackers installing malware such as a ‘sniffer’ in order to capture
and access data without being detected. The PCI SSC believes that the best way to protect
cardholder data that is stored, transmitted and processed is by implementing the PCI DSS and
remaining in full compliance.
For More Information:
If you would like more information about the PCI Security Standards Council or would like to
become a Participating Organization, please visit pcisecuritystandards.org, or contact the PCI Security
Standards Council at participation@pcisecuritystandards.org.
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by
driving education and awareness of the PCI Data Security Standard and other standards that increase
payment data security.
The PCI Security Standards Council was formed by the major payment card brands American
Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to
provide a transparent forum in which all stakeholders can provide input into the ongoing development,
enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED)
Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants,
banks, processors and point of sale vendors are encouraged to join as Participating Organizations.