The world’s top credit card companies yesterday issued long-awaited revised security standards for their merchants, but some experts say they didn’t really improve the situation much. The credit card giants also announced the formation of the PCI Security Standards Council LLC, a joint organization that will shepherd the compliance guidelines, develop a list of PCI-compliant vendors and products, and train auditors.<\/p>\n","protected":false},"excerpt":{"rendered":"
PCI, which includes specifications for both physical and logical security of credit card data, is required for all merchants who accept credit cards or store credit information. Merchants that don’t comply could face fines as high as $500,000, or, in extreme cases, could have their ability to accept credit cards revoked.<\/p>\n
PCI 1.0 was issued two years ago, and merchants were supposed to have achieved compliance by the deadline of June 30 of this year.<\/p>\n
Experts say the new guidelines are more clear about “compensating controls,” which give merchants a bit more flexibility in their deployment of encryption and other PCI requirements. David Taylor, vice president of data security strategies at Protegrity and a former industry analyst, isn’t so sure. “The new specs are definitely clearer, and that’s great, but I think a lot of merchants were hoping that the new rules would make it easier to comply, and that didn’t happen,” he says.<\/p>\n
PCI auditors previously had hoped that PCI 1.1 would somehow divide the specifications between critical requirements — such as the need for encryption and firewalls — and best practices, such as thorough documentation and training.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=103292&WT.svl=news2_1<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1671","post","type-post","status-publish","format-standard","hentry","category-regulations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1671"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1671\/revisions"}],"predecessor-version":[{"id":4158,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1671\/revisions\/4158"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}