PCI compliance standards are updated every three years, and store retailers must become compliant with the most recent version – 2.0 – by January 1, 2012, Convenience Store Decisions reports.
“Recognize that the PCI DSS changes from version 1.2.1 to 2.0 are not monumental changes, however they should not be overlooked,” Susan Matt, CEO of consulting firm ThoughtKey, told the news source. “The changes are simply clarifications and additional guidance on the existing standards.”
Major clarifications from the old version to the new one concern handling of a credit card’s primary account number (PAN), logging, prioritization, and standards on scoping.
Bob Russo, PCI Security Standards Council general manager, points out that if a company decides to store a PAN, it must be encrypted so it’s unreadable. Furthermore, centralizing the logging procedure will be beneficial following a breach, because forensics examiners check the log first to determine what went wrong. Prioritizing must be clarified because risks vary from merchant to merchant. Finally, stores will be required to scope their networks to determine where they’re most vulnerable and where they’re processing card data.
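The PAN and logging points above are easy to violate by accident: a POS or web tier that writes card numbers into application logs leaves cleartext PANs in the very files that forensic examiners will read after a breach. The following is an added example, not code from the article or from any vendor it names: it scans constructed sample log lines for Luhn-valid card numbers and masks them to the first six and last four digits before they are stored. The log format and regular expression are assumptions for illustration.

```python
import re

# Candidate runs of 13-19 digits, optionally separated by spaces or dashes
# (pattern is an assumption; tune it to the formats your systems emit).
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, mask the rest (common PCI display rule)."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str):
    """Return (scrubbed_line, number_of_pans_masked) for one log line."""
    count = 0

    def repl(m):
        nonlocal count
        digits = re.sub(r"\D", "", m.group(0))
        # Only treat Luhn-valid runs as PANs to avoid masking order ids, timestamps, etc.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            count += 1
            return mask_pan(m.group(0))
        return m.group(0)

    return _PAN_RE.sub(repl, line), count


def scrub_log(lines):
    """Scrub a list of log lines; returns (scrubbed_lines, total_pans_masked)."""
    scrubbed, total = [], 0
    for line in lines:
        out, n = scrub_line(line)
        scrubbed.append(out)
        total += n
    return scrubbed, total


# Constructed sample log lines (not real transaction data).
SAMPLE_LOG = [
    "2011-12-01 10:22:33 POS-07 sale approved card=4111 1111 1111 1111 amount=42.10",
    "2011-12-01 10:23:05 POS-07 sale declined card=4111111111111112 amount=9.99",
    "2011-12-01 10:24:00 POS-07 heartbeat ok",
]
```

Run `scrub_log(SAMPLE_LOG)` before lines reach the central log store; the first line is masked to `411111******1111`, while the second is left alone because the number fails the Luhn check.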
Retail Touch Points adds that by the end of the year, version 2.0 will become the only legal guideline for PCI compliance.