PCI Security Standards Council Issues Summary of Changes


The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements, and the Payment Application Data Security Standard (PA-DSS), today announced the summary of forthcoming changes to PCI DSS as it moves from version 1.1 to the previously announced version 1.2 in October. An overview of the summary of changes as well as frequently asked questions can be found on the Council's Web site at https://www.pcisecuritystandards.org/security_standards/supporting_documents.shtml (copy and paste as necessary).

Changes to the PCI DSS include clarifications and explanations to the requirements, with these clarifications offering improved flexibility to address today's security challenges in the payment card transaction environment. The new summary document on these changes highlights the key clarifications by requirement. These clarifications will also eliminate existing redundant sub-requirements while improving scoping and reporting requirements. When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated. Most importantly, version 1.2 does not introduce any new major requirements to the existing 12 in place since the Council's inception.

"The Council's participating organizations, through the feedback process, have provided an invaluable service in enhancing the PCI DSS to meet today's market needs," said Bob Russo, general manager, PCI Security Standards Council. "Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications."

With the summary of changes to the revision of the PCI DSS, the council is giving stakeholders guidance on what to expect when version 1.2 is publicly available. The council is finalizing the changes to the standard and will be providing its participating organizations with version 1.2 in early September. PCI SSC participating organizations and the council's board of advisors have been providing feedback on the revisions and the council is in the final stages of preparing the latest standard and supporting documentation. This follows the established lifecycle process that will ensure that the PCI DSS standard is revised and updated on a two-year cycle, the group said. PCI DSS version 1.1 was introduced in September 2006.

More Information

For more information on the PCI Security Standards Council and becoming a participating organization, please visit pcisecuritystandards.org or contact the PCI Security Standards Council.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as participating organizations.
