Payment Card Industry Releases Latest Standards

Wakefield, Mass. On Wednesday, the Payment Card Industry Security Standards Council (PCI SSC), formally published version 1.2 of the PCI Data Security Standard (DSS). Effective immediately, version 1.2 replaces version 1.1, which had been in effect since December of 2006. However, version 1.1 officially “sunsets” on December 31, 2008.

Earlier this year, PCI SSC released a summary of proposed changes that would be included in version 1.2, although the primary objective of the updated DSS was to clarify the existing requirements of version 1.1.

The updates contained in 1.2 do not implement any significant new requirements but further define the 1.1 requirements by replacing ambiguous deadlines with specific dates and by articulating a clear June 2010 deadline for the end of any transactions processed through Wired Equivalent Privacy (WEP).

The updated standard and supporting documentation is available on the Council’s Web site at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.