Home > Financial Services Information Security Tips > Compliance and Governance Digest > PCI standard, take two
Financial Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE AND GOVERNANCE DIGEST

PCI standard, take two


Mike Chapple
11.15.2006
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


If you work with a business involved in any aspect of credit card processing, you're undoubtedly familiar with the Payment Card Industry Data Security Standard. The PCI standard replaced the various standards promoted by Visa International, MasterCard Inc. and other industry players with a single, consolidated standard for all merchants and service providers involved in card processing.

The initial release of the PCI standard in December 2004 was the first product of the PCI Security Standards Council, an industry organization created specifically to develop the PCI standard and assist those seeking compliance. Unfortunately, the first version of the standard was met with confusion and concern due to vague requirements and ambiguous reporting deadlines. Therefore, in September 2006, the industry released version 1.1, which implements several changes, some of which are substantial. Let's examine them and how they may affect business processes.

PCI standard 1.1
First, version 1.1 clarifies of some of the ambiguous wording in the requirements. For example, the new PCI standard now consistently uses "must" and "s


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Compliance and Governance Digest
Social media: Risk management strategies for financial institutions
Red Flags Rule compliance
How AML compliance applies to remote deposit capture
Tokenization and PCI compliance
Data governance and classification
The PCI compliance case for source code review
Identity management for financial firms in turbulent times
PCI DSS: Best practices for compliance
Red Flag Rules compliance demands a risk-based approach
Understanding the impact of new state data protection laws

PCI DSS compliance
Download presentations from Financial Information Security Decisions 2009
Two conversations about risk assessment
Why financials should pay attention to NERC CIP
Infosecurity pro pitfalls
RBS WorldPay regains spot on Visa's PCI compliance list
Tokenization and PCI compliance
Heartland breach cost $12.6 million, CEO says
PCI certification isn't always the right answer
Heartland gains PCI compliance from Visa
The PCI compliance case for source code review

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
CISP-PCI  (SearchFinancialSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


hould" in their appropriate contexts throughout the document. The council also removed the word "periodically" and replaced it with specific timeframes such as "annually" and "quarterly."

It also sprinkled the document with text and notes designed to help users interpret the purpose of each requirement. More specifically:

The PCI Security Standards Council has taken the standard to the next level, and overall the revisions to the PCI standard are a good thing for merchants. While there are a few additional requirements for merchants and service providers, the revision clarifies quite a few ambiguous requirements, making the path to compliance easier to navigate.

About the Author:
Mike Chapple, CISA, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

Rate this Tip
To rate tips, you must be a member of SearchFinancialSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Finance Sector Security - Anti-Phishing, Remote Access Security, Firewall Systems
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts