PCI Security Standards Council Provides Preview of Upcoming Changes


The PCI Security Standards Council, an open forum for the development of payment card security standards, has published a preview of the upcoming changes to the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). The changes, which take effect in November, are designed to make cardholder data more secure by focusing on three key themes: increased flexibility, education and awareness, and the shared responsibility for security. Some of the proposed changes include:

  • Recommendations on making PCI DSS business-as-usual and best practices for maintaining ongoing PCI DSS compliance
  • Security policy and operational procedures built into each requirement
  • Guidance for all requirements with content from Navigating PCI DSS Guide
  • Increased flexibility and education around password strength and complexity
  • New requirements for point-of-sale terminal security
  • More robust requirements for penetration testing and validating segmentation
  • Considerations for cardholder data in memory
  • Enhanced testing procedures to clarify the level of validation expected for each requirement
  • Expanded software development lifecycle security requirements for PA-DSS application vendors, including threat modeling

The Council has released this preview so that organizations are as informed as possible, can best prepare for the upcoming changes, and avoid any surprises that may hamper them come November. This early preview also gives organizations more time to prepare to review and discuss draft versions of the standards at the 2013 Community Meetings scheduled for September and October.

For more information about the firm’s privacy practice, please visit our website or contact Linda McReynolds, Certified Information Privacy Professional (CIPP/US), at lgm@commlawgroup.com.

ATTORNEY ADVERTISING DISCLAIMER: This information may be considered advertising in some jurisdictions under the applicable law and ethical rules. The determination of the need for legal services and the choice of a lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers.