The Month: New PCI DSS version 1.1 unveiled | SC Media

The Month: New PCI DSS version 1.1 unveiled

October 2, 2006

The global top-five card-payment companies have issued new worldwide Payment Card Industry (PCI) security standards, and have formed a council to encourage their adoption. American Express, JCB, MasterCard Worldwide, Visa International and Discover Financial Services have unveiled the new PCI Data Security Standard (DSS) version 1.1.

According to the new body, the standard has been updated to provideclarification to certain requirements and be able to deal better withcomplex requirements such as data encryption.

PCI is a set of specifications that control the handling of credit cardinformation, and is required for all merchants who accept credit cardsor store credit information. Those that fail to comply can face fines orlose their ability to handle credit cards. A recent survey by The LogicGroup found that only 3 per cent of UK businesses are currentlycompliant.

But the new revised standard has already met with criticism. "Manymerchants had heard that this new standard was imminent, so they waitedto see whether it would be easier to conform to - which of course itisn't," claims David Taylor, vice-president of data security strategiesat Protegrity.

"The need for security has not decreased over the past year. In fact,the standard makes little mention of increasingly important issues suchas phishing."

prestitial ad