PCI DSS Version 2.0 on its Way
Recently the PCI Security Standards Council announced that version 2.0 of the PCI DSS would be released in September 2010, updating the current version of the standard that helps businesses protect sensitive cardholder information on their networks.
According to Bob Russo, general manager of the PCI Security Standards Council, version 2.0 won’t make any major changes to the standard. Though the changes are relatively minor, the hope is that they will have a major impact on the card data industry. The goals of these changes are to clarify the PCI requirements, improve flexibility for merchants, help businesses better manage security threats and risks, and align the standard more closely with changes in the industry’s best practices. One of the main focuses will be scoping, the step in a PCI assessment that determines where sensitive card data exists so that only those portions of the environment are subjected to the PCI data-security standard.
Another topic that has received a lot of attention is end-to-end encryption of card data, which, if fully implemented, would allow the industry to protect more fully against theft. Version 2.0 may include some guidance on leveraging end-to-end encryption to satisfy existing PCI requirements.
The PCI Security Standards Council has made a deliberate effort not to overload the PCI DSS with new requirements that compel businesses to take on additional spending. This consideration has encouraged more companies to implement the industry standard.
The release of PCI DSS 2.0 is still a few weeks away. For those who just can’t wait, a summary of changes is available from the PCI Security Standards Council. After the release of version 2.0, the council will put it up for discussion at its community meeting in September in Orlando, Fla. Plans are to make the finalized version of the standard available in October 2010 and to begin enforcing it in January 2011.
The card security industry is getting closer to a standardized protocol that provides the desired security to customers and businesses. This is an ongoing process, which will continue to unfold in the coming months and years.