The PCI Data Security Standard is coming
Posted: (EET/GMT+2)
You might have heard the recent talk about credit card security and the forthcoming PCI DSS standard, short for the Payment Card Industry Data Security Standard. According to PCI, DSS "is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures."
In Finland, an organization called Luottokunta is the local representative for Visa and MasterCard credit cards. They have information about PCI DSS on their web sites. If you are an application developer, you need to be sure your application follows the PCI standards by summer 2008. Depending on your order volume, you belong to one of four classes. In the lowest class, below 20,000 transactions a year, no audits are needed; just following the standard is enough. Be sure to get the technical specifications and start studying them, if you haven't already.