A couple of new information supplements have been released by the PCI SSC, covering E-commerce and ATM PIN security.
“PCI DSS E-commerce Guidelines” contains a nice summary of common e-commerce models and vulnerabilities, along with some recommendations.
From the intro:
“This Information Supplement is intended for merchants who use or are considering the use of e-commerce technologies in their cardholder data environment (CDE) as well as any third-party service providers that provide e-commerce services, e-commerce products, or hosting/cloud services for merchants”
Download it from here.
If you’re developing or implementing applications for the ATM environment, you’ll be interested in this next information supplement, entitled “PCI PIN Transaction Security Point of Interaction Security Requirements”.
From the intro:
“This document proposes guidelines to mitigate the effect of attacks to ATM aimed at stealing PIN and account data. These guidelines are neither definitive nor exhaustive and are not intended to be used as requirements for a validation program at the PCI SSC.”
Download the document from here.