PCI standard, take two

The initial release of the PCI standard in December 2004 was the first product of the PCI Security Standards Council, an industry organization created specifically to develop the PCI standard and assist those seeking compliance. Unfortunately, the first version of the standard was met with confusion and concern due to vague requirements and ambiguous reporting deadlines. Therefore, in September 2006, the industry released version 1.1, which implements several changes, some of which are substantial. Let's examine them and how they may affect business processes.

PCI standard 1.1
First, version 1.1 clarifies of some of the ambiguous wording in the requirements. For example, the new PCI standard now consistently uses "must" and "s

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Compliance and Governance Digest Social media: Risk management strategies for financial institutions Red Flags Rule compliance How AML compliance applies to remote deposit capture Tokenization and PCI compliance Data governance and classification The PCI compliance case for source code review Identity management for financial firms in turbulent times PCI DSS: Best practices for compliance Red Flag Rules compliance demands a risk-based approach Understanding the impact of new state data protection laws PCI DSS compliance Download presentations from Financial Information Security Decisions 2009 Two conversations about risk assessment Why financials should pay attention to NERC CIP Infosecurity pro pitfalls RBS WorldPay regains spot on Visa's PCI compliance list Tokenization and PCI compliance Heartland breach cost $12.6 million, CEO says PCI certification isn't always the right answer Heartland gains PCI compliance from Visa The PCI compliance case for source code review

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CISP-PCI  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

hould" in their appropriate contexts throughout the document. The council also removed the word "periodically" and replaced it with specific timeframes such as "annually" and "quarterly."

It also sprinkled the document with text and notes designed to help users interpret the purpose of each requirement. More specifically:

The PCI Security Standards Council has taken the standard to the next level, and overall the revisions to the PCI standard are a good thing for merchants. While there are a few additional requirements for merchants and service providers, the revision clarifies quite a few ambiguous requirements, making the path to compliance easier to navigate.

About the Author:
Mike Chapple, CISA, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

Rate this Tip To rate tips, you must be a member of SearchFinancialSecurity.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.