The second installment of the Payment Card Industry Data Security Standard (PCI DSS) is due out in the fall.
PCI DSS version 1.2, the first update since September 2006 when the PCI
Security Standards Council began driving the standard, is due out in
October and incorporated feedback from some 450 participating
organisation, the council announced Wednesday.
The council said it tapped into recommendations from retailers, security
product vendors, electronic funds transfer networks, point-of-sale
application developers and banks.
The new version of the standard will contain a number of changes,
including a more concentrated list of sub-requirements to avoid
overlapping; further clarification on reporting protocols; and expanded
sections for glossary searches and frequently asked questions.
"We believe adoption of PCI DSS version 1.2 will increase cardholder
data security and minimise the risk of data breaches that can challenge
the positive public perception of the security practices of merchants
and financial institutions involved in the payments chain," said Bob
Russo, general manager of the PCI council.
According to the latest figures from Visa, one of the five major global
card brands which has agreed on the PCI DSS, 65 percent of level-one
merchants -- which process more than six million card transactions per
year -- have attained compliance with the standard.
The figures, released in October, also show that 43 percent of
level-two retailers -- processing between one and six million
transactions per year -- met the requirements.
At press time, a Visa spokesman was checking to see if the payment brand had any current stats.
See original article on scmagazineus.com