PCI DSS Version 2.0 to be Enforced Soon – Are you ready?
In 2010 the PCI Security Standards Council released version 2.0 of the PCI DSS and PA-DSS, updating the standard to help merchants better protect sensitive cardholder information on their networks. Though the changes made in version 2.0 weren't substantial, it was hoped they would have a major impact on the card data industry. The updated version of the standard was released in Fall of 2010 and became effective as of January 1, 2011. However, the new requirements for validation against the updated versions of PCI DSS and PA-DSS will not be enforced until January 1, 2012.
So the question is, come January 1, 2012, will you be ready?
The majority of changes made to version 2.0 were modifications to language, which clarified the meaning of the PCI requirements and made understanding and adoption easier for both merchants and software providers. The changes ultimately reinforced the need for thorough scoping prior to an assessment and promoted more effective log management. Other changes to the standard broadened validation requirements for the assessment of vulnerabilities in a merchant environment, giving merchants the ability to use industry best practices to prioritize these vulnerabilities.
PCI compliance has been a popular topic of conversation during 2011, but now is the time for businesses to make sure that they are ready to meet the PCI compliance requirements put in place. This past year has given merchants and software providers alike the opportunity to meet these new requirements and achieve PCI compliance. Come the start of the year, it will become clear who is meeting the new requirements and who is not.
Download the PCI DSS Version 2.0 from the PCI SSC today and see if your business is ready. You can also contact Element to make sure that you are taking the proper steps to meet these new compliance requirements.