Toughey Talks
PCI-PA-DSS: Triple Witching Day?
January 28, 2010
When I think about July 1st, I am reminded of "triple witching day", a phrase in use when I was working in the financial services business during the '80s.
"Triple witching day" occurred when the contracts for stock index futures, stock index options, and stock options all came due on the same day. It created an extremely volatile trading environment.
July 1st, 2010, is a triple witching day of sorts, too. Three payment industry deadlines which impact your day-to-day operations all occur on that one day.
- July 1 is the deadline for compliance with the PA-DSS (Payment Application Data Security Standard). Any vendor-supplied software that touches credit card data on campus must be listed as a PA-DSS certified application by the PCI Council.
(PCI List of Validated Payment Applications) - July 1 is the deadline for compliance with PCI PTS (PIN Transaction Security) standard. Any point-of-sale or swipe devices used for PIN data entry must be listed as a PTS certified device by the PCI Council.
(PCI List of Approved PIN Transaction Security) - July 1 is the deadline for compliance with Visa's new TDES (Triple Data Encryption Standard) rules. Any point-of-sale or swipe devices used for PIN data entry must use TDES instead of the currently designated Single DES encryption.
(Visa FAQ for Triple Data Encryption Standard)
After talking with schools around the country, I've learned that most of you are making progress in your efforts to comply with these new standards. Some are not. You still have time to act, but the clock is ticking down to a "triple witching" deadline. If you need some help or just have a question, don't hesitate to call.
Thanks for reading.
Dan Toughey
dan2e@touchnet.com
PS: In my next email blog, I'll discuss cashiering-like systems. There seems to be a lot of confusion around "p.Commerce."
Toughey Talks
PCI-PA-DSS: Triple Witching Day?
January 28, 2010
When I think about July 1st, I am reminded of "triple witching day", a phrase in use when I was working in the financial services business during the '80s.
"Triple witching day" occurred when the contracts for stock index futures, stock index options, and stock options all came due on the same day. It created an extremely volatile trading environment.
July 1st, 2010, is a triple witching day of sorts, too. Three payment industry deadlines which impact your day-to-day operations all occur on that one day.
- July 1 is the deadline for compliance with the PA-DSS (Payment Application Data Security Standard). Any vendor-supplied software that touches credit card data on campus must be listed as a PA-DSS certified application by the PCI Council.
(PCI List of Validated Payment Applications) - July 1 is the deadline for compliance with PCI PTS (PIN Transaction Security) standard. Any point-of-sale or swipe devices used for PIN data entry must be listed as a PTS certified device by the PCI Council.
(PCI List of Approved PIN Transaction Security) - July 1 is the deadline for compliance with Visa's new TDES (Triple Data Encryption Standard) rules. Any point-of-sale or swipe devices used for PIN data entry must use TDES instead of the currently designated Single DES encryption.
(Visa FAQ for Triple Data Encryption Standard)
After talking with schools around the country, I've learned that most of you are making progress in your efforts to comply with these new standards. Some are not. You still have time to act, but the clock is ticking down to a "triple witching" deadline. If you need some help or just have a question, don't hesitate to call.
Thanks for reading.
Dan Toughey
dan2e@touchnet.com
PS: In my next email blog, I'll discuss cashiering-like systems. There seems to be a lot of confusion around "p.Commerce."