Summary of changes to next version of PCI Data Security Standard

The PCI Security Standards Council (PCI SSC) announced the summary of forthcoming changes to PCI DSS as it moves from version 1.1 to the previously announced version 1.2 in October.

Changes to the PCI DSS include clarifications and explanations to the requirements, with these clarifications offering improved flexibility to address today’s security challenges in the payment card transaction environment. The new summary document on these changes highlights the key clarifications by requirement.

These clarifications will also eliminate existing redundant sub-requirements while improving scoping and reporting requirements. When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated. Most importantly, version 1.2 does not introduce any new major requirements to the existing 12 in place since the Council’s inception.

Bob Russo, General Manager, PCI Security Standards Council commented:

The Council’s Participating Organizations, through the feedback process, have provided an invaluable service in enhancing the PCI DSS to meet today’s market needs. Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications.