SAN FRANCISCO—Proposed new security rules for credit card-accepting businesses will put more scrutiny on software, but let them off the hook on encryption.

The update to the Thursday, Mar 16, 2006” href=”http://www.thegarlandgroup.net/Your+secret+PIN+may+not+be+so+secret/2100-1029_3-6050259.html?tag=nl”>evolving attacks as well as to challenges some businesses have with the encryption of consumer data, Tom Maxwell, director of e-Business and Emerging Technologies at MasterCard International, said here Monday.

The proposed update includes a requirement to, by mid-2008, scan payment software for vulnerabilities, Maxwell said in a presentation at a security conference hosted by vulnerability management specialist Qualys. Currently, merchants are required to validate only that there are no security holes in their network. “There is an increase in application-level attacks,” Maxwell said.

While security stands to benefit from a broader vulnerability scan, another proposed change to the security rules may hurt security of consumer data, critics said. The new version of PCI will offer …

Click here to read article…