Wakefield, Massachusetts, United States
The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the timeline for release of PCI DSS version 1.2, scheduled for availability in October 2008. With this new update, which is based on extensive feedback from the Council's Participating Organizations, the PCI DSS will enhance the clarity of its technical requirements, offer improved flexibility and address new and evolving risks and threats.
Since the distribution of version 1.1 of the Standard in September 2006, the Council has engaged industry stakeholders, including retail merchants, vendors, electronic funds transfer (EFT) networks, point-of-sale (POS) application developers, banks and other stakeholders with a global view to address real world threats and implementation challenges. Using feedback provided by this community, including more than 2,000 questions submitted to the Council since its formation in 2006, version 1.2 of PCI DSS:
-- Incorporates existing and new best practices
-- Provides further scoping and reporting clarification
-- Eliminates overlapping sub-requirements and consolidates documentation
-- Enhances the frequently asked questions and glossary to facilitate understanding of the security process.
The enhanced clarity provided by version 1.2 will ease the implementation process and increase overall adoption of the standard. The updated standard will reflect the broad industry feedback and is designed to anticipate, identify and mitigate future security threats, but will not include any new core requirements beyond the existing 12 in place. This ongoing feedback process ensures that the PCI DSS continues to evolve in a manner that reflects threats in the marketplace and increases cardholder data security.
"We believe adoption of PCI DSS version 1.2 will increase cardholder data security and minimize the risk of data breaches that can challenge the positive public perception of the security practices of merchants and financial institutions involved in the payments chain," said Bob Russo, General Manager, PCI Security Standards Council. "Version 1.2 will allow for the adoption of new best practices and protections with sufficient implementation lead time."
This announcement is the first in a series of public communications designed to raise awareness of the updated PCI DSS. Participating Organizations in the Council will have an opportunity to review the proposed changes at the PCI SSC annual Community Meeting to be held in Orlando, Fla., September 23-25, 2008.
For More Information:
If you would like more information about the PCI Security Standards Council or would like to become a Participating Organization please visit pcisecuritystandards.org, or contact the PCI Security Standards Council at participation@pcisecuritystandards.org.
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.
The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.
Source: Business Wire (Business Wire India)