Version 1.2 of the PCI DSS is Official
October 1, 2008 saw the official release of Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS)
Version 1.2 is effective immediately and version 1.1 of the standard will die on Dec. 31, 2008. The updated standard and supporting documentation is available on the Council’s Web site.
The new version is designed to simplify the language of the standard by adding clarifications and explanations. According to an article on Market Watch, The PCI Security Standards Council says there re no major changes to compliance requirements but Wired Equivalent Privacy (WEP) must be thing of the past as of June 2010. It’s not soon enough, in my opinion.
“This latest revision to the PCI DSS is welcome news for merchants and service providers as they grapple with the latest security threats to their payment transactions systems,” said Diana Kelley, partner and analyst with SecurityCurve, a data security consultancy. “The clarifications and language revisions should go a long way in easing implementation questions and help to reduce compliance costs.”
As merchants, we might argue that having to change out our wireless processing terminals isn’t exactly “welcome news” in the current economic climate, but certainly a simplification of the standard’s language is. I only scanned the document but it seems they’ve done a good bit to make it easier to understand and, as a result, easier to assure compliance. That’s a big point in the Council’s favor.
