The PCI Security Standards Council, a global, open industry standards
body providing management of the Payment Card Industry Data Security
Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the
Payment Application Data Security Standard (PA-DSS), today announces the
timeline for release of PCI DSS version 1.2, scheduled for availability
in October 2008. With this new update, which is based on extensive
feedback from the Council's Participating
Organizations, the PCI DSS will enhance the clarity of its technical
requirements, offer improved flexibility and address new and evolving
risks and threats.
Since the distribution of version 1.1 of the Standard in September 2006,
the Council has engaged industry stakeholders, including retail
merchants, vendors, electronic funds transfer (EFT) networks,
point-of-sale (POS) application developers, banks and other stakeholders
with a global view to address real world threats and implementation
challenges. Using feedback provided by this community, including more
than 2,000 questions submitted to the Council since its formation in
2006, version 1.2 of PCI DSS:
- Incorporates existing and new best practices
- Provides further scoping and reporting clarification
- Eliminates overlapping sub-requirements and consolidates documentation
- Enhances the frequently asked questions and glossary to facilitate
  understanding of the security process.
The enhanced clarity provided by version 1.2 will ease the
implementation process and increase overall adoption of the standard.
The updated standard will reflect the broad industry feedback and is
designed to anticipate, identify and mitigate future security threats
but will not include any new core requirements beyond the existing 12 in
place. This ongoing feedback process ensures that the PCI DSS continues
to evolve in a manner that reflects threats in the marketplace and
increases cardholder data security.
"We believe adoption of PCI DSS version 1.2
will increase cardholder data security and minimize the risk of data
breaches that can challenge the positive public perception of the
security practices of merchants and financial institutions involved in
the payments chain," said Bob Russo, General
Manager, PCI Security Standards Council. "Version
1.2 will allow for the adoption of new best practices and protections
with sufficient implementation lead time."
Today's announcement is the first in a series
of public communications designed to raise awareness of the updated PCI
DSS. Participating Organizations in the Council will have an opportunity
to review the proposed changes at the PCI SSC annual Community Meeting
to be held in Orlando, Fla., September 23-25, 2008.
For More Information:
If you would like more information about the PCI Security Standards
Council or would like to become a Participating Organization, please
visit pcisecuritystandards.org, or contact the PCI Security Standards
Council at participation@pcisecuritystandards.org.
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment
account security by driving education and awareness of the PCI Data
Security Standard and other standards that increase payment data
security.
The PCI Security Standards Council was formed by the major payment card
brands American Express, Discover Financial Services, JCB International,
MasterCard Worldwide and Visa Inc. to provide a transparent forum in
which all stakeholders can provide input into the ongoing development,
enhancement and dissemination of the PCI Data Security Standard (DSS),
PIN Entry Device (PED) Security Requirements and the Payment Application
Data Security Standard (PA-DSS). Merchants, banks, processors and point
of sale vendors are encouraged to join as Participating Organizations.