PCI Data Security Standard Updated

The Payment Card Industry (PCI) has released its newest version of its data security standards (PCI-DSS). The version is designed to help protect transmitted charge and debit card information, and spells out a comprehensive vulnerability management program.

While not a banking regulatory standard, PCI was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. It is a standard with which many banking institutions comply.

Industry information security experts say that following PCI-DSS 1.2 with access control testing, system monitoring and the implementation of documented enterprise-wide security policies will help companies remain out of the headlines and will also help streamline compliance. Recent high-profile data theft cases show the need for these new, stronger standards.

"This version 1.2 is the culmination of two years' worth of feedback from PCI community on what they see are needed changes," says Bob Russo, General Manager of the PCI Security Standards Council. Most of the changes amount to clarification, tweaking and added flexibility in the existing requirements, and the version also includes best practices the council has been seeing in practice.

One major change regards secure wireless: WEP will no longer be accepted under Requirement 4. "We've drawn a line in the sand and are saying it will no longer be accepted, nor will we allow any new projects to use WEP after March 2009," says Russo. All current implementations need to end by June 2010.

The old PCI-DSS Version 1.1 will remain valid until December 31. For more details, visit the council's home page.


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



