Latest version of PCI DSS reaches final stages

Warwick Ashford

Around 500 global stakeholders are to meet this week to give the final community feedback on the coming version 3.0 of the Payment Card Industry’s Data Security Standard (PCI DSS).

PCI DSS compliance is necessary for any organisation that handles customer payment card data and specifies how that information must be held and protected.

The PCI Security Standards Council (PCI SSC) administers the security regulations and is set to issue its regular update of the standard from PCI DSS 2.0 in November 2013.

The annual PCI SSC European community meeting in Nice, France, on 29-31 October 2013 will be the last chance to comment on version 3.0 before publication on 7 November, said Jeremy King, the council’s European director.

“In an update year, the agenda at our community meetings in North America and Europe are tailored around the latest version of the standard,” King told Computer Weekly.

Even though publication of version 3.0 is just a week away, there are several sessions aimed at enabling members of the community to provide feedback.

“Although it is very late in the day and the standard has already gone through a lot of iterations and changes, any critical feedback will be incorporated into version 3.0 before publication,” said King.

“Whenever we are updating the standard, we work with the community to ensure there is maximum feedback.”

Commenting on the latest version of PCI DSS, King said it is aimed at making compliance with the standard part of “business as usual”.

To that end, the new version focuses on security training, helping people understand that security is a shared responsibility and giving merchants more flexibility in how they adopt the standard.

Other changes are aimed at ensuring card data security practices are updated to cope with new technologies and trends, such as bring your own device (BYOD) programmes in the workplace.

PCI DSS V3.0 goes into effect on 1 January 2014, but merchants who have not completed compliance with V2.0 will have until the end of 2014 to begin working on compliance with V3.0.

“Merchants have told us that, when they are three-quarters of the way through implementing one version of the standard, they can’t just stop and move to the next iteration,” said King.

They need time to complete the versions they are on before starting with the next one, which is why version 2.0 will remain active until December 2014, he said.

