Payment Card Industry Post Updates To Standards

The Payment Card Industry Security Standards Council (PCISSC) has posted updates to its e-commerce security standards.

The group has released versions 2.0 of its Data Security Standard and Payment Application Data Security Standard.

PCISSC general manager Bob Russo told that the updates are a relatively minor tweak to the original standards.

Russo explained that many of the changes and updates were generated from feedback collected by the group on areas that could use clarification or updates.

"These are not wholesale changes, which proves that the standard is rather solid and is ageing gracefully," he said. "It really brings both of these standards closely in alignment."

Many of the changes address discrepancies between different nations. Russo said that the standard needs to be more flexible in areas such as Europe, where commerce can often cross international borders.

Russo said that the group collected more than half of its feedback from organisations outside the US to gather information on how the standards could become more accommodating internationally.

Small and medium-sized businesses were also a focal point for the updates, which seek to clarify and simplify guides for companies that have few or no dedicated IT staff.

Restaurants and retailers, for example, may need guidance on how properly to secure customer account details and log transactions and activity.

The PCI Security Standards Council has a Merchant & Service Providers Resource Center for further details and tips on the new standards.

print this article

Return to security news headlines
View Security News Archive

Share with: