The requirements of the PCI Software Security Framework are divided into two groups: Core Requirements and Account Data Protection. The core requirements for secure software apply to all payment software, regardless of its functions and/or underlying technologies. Account Data Protection applies to any application that stores, processes and/or transmits Sensitive Authentication Data (SAD) or Cardholder Data (CHD).
A direct consequence of the above definitions is that software validated under the PCI Software Security Framework may be allowed to store CHD where applicable, according to the standard's requirements. This is the tricky point that is misunderstood by some organizations.