The Payment Card Industry Security Standards Council has released version 1.2 of its Data Security Standard (PCI DSS).
Based on feedback from the council's members, the new version of PCI DSS is aimed at simplifying the implementation of the standard for cardholder account security as well as ensuring compliance.
Version 1.2 does not introduce any major new requirements to the existing 12 in place, but the update does change some practices related to wireless security, the PCI said.
"It is especially gratifying to know that version 1.2 of the PCI DSS is inclusive of global industry feedback," said Bob Russo, general manager at the PCI Security Standards Council.
"This ensures that we continue to offer merchants and service providers a pathway to protect cardholder account data that is sensible and achievable."
The new standard is effective immediately and version 1.1, in place since 2006, will be phased out by the end of December.
Some 88 per cent of UK businesses are still not compliant with the PCI DSS, even though compliance became compulsory two years ago, according to research carried out by systems management vendor NetIQ.
Only 12 per cent of respondents to the survey said they were already compliant, while 17 per cent predicted that they would be within six to 12 months.
Reasons given for the delay in following the data security requirements included complexities in the process, such as setting up measures to protect web applications.
PCI DSS v1.2 tackles wireless security
By Angelica Mari on Oct 2, 2008 10:02AM