PCI Compliance Regs Slated for Facelift in Oct. 08 | eWEEK Labs


May 16, 2008

Yesterday, May 14, the PCI Standards Council, the body that oversees the PCI DSS (Payment Card Industry Data Security Standard), announced the formal timeline for releasing Version 1.2 of the specification in October of this year.

PCI DSS was last revised in September 2006 and is still one of the most interesting security mandates in the IT industry. It is specific, it has no legal standing (i.e. it isn’t mandated by legislation), and it carries clear and enforceable punishments for noncompliance.

Version 1.2 eliminates some overlap in various parts of the standard. What exactly is in 1.2 will be revealed at a Webcast on May 22, which I’ll be attending and reporting on.

The standard tries to address the challenges of driving security into the previously unregulated consumer retail space where there is a high volume of relatively low-value transactions in which buyers and sellers can have no previous knowledge of each other.

One countervailing pressure has come into play to push back against implementing a really toothy PCI DSS. The banks and card issuers have thus far been successful in making sure that consumers bear identity recovery costs. So, while fraudulent charges are absorbed by the banks, the much higher cost of identity recovery is left in the hands of the victims. In fact, it’s gotten bad enough that identity recovery has been turned into a product that is sold to consumers like insurance.

But countervailing tendencies are just that: factors that influence but don’t controvert the main thrust of a trend. In this case, PCI DSS 1.2 is a clear recognition that vendors that accept credit card data must demonstrate some semblance of care when processing card data.

There are ways for IT managers to minimize costs while complying with PCI DSS, both today and when the revised standard is issued in October. Come hear my keynote address on compliance at the Ziff Davis Enterprise Virtual Tradeshow on June 24 to get my thoughts on what compliance means for a best-practice approach to supporting business processes with the best available technology.
