The council noted that Visa created the standard to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 and PIN data, and support compliance with the PCI DSS.
PCI data security standards: Don’t blame PCI DSS for TJX troubles, IT pros say: Data breaches at TJX and elsewhere have some questioning the effectiveness of PCI DSS, but others say the real problem is how companies approach the guidelines. Banks neglect responsibility for data breaches, some say: TJX has become the poster child for bad data behavior, but some believe the bank and credit card companies aren’t accepting enough responsibility for the data breach epidemic.
The addition of PA-DSS comes as merchants fight for more control over the data they store and as attackers target Web applications with growing zeal.
Last month the National Retail Federation (NRF) sent a letter to the Payment Card Industry (PCI) Security Standards Council asking for changes in how the credit card industry requires merchants to store credit card data.
NRF Chief Information Officer David Hogan wrote that retailers should not have to store credit card numbers because doing so increases the risk that hackers will try to steal the information.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1281251,00.html