Version 1.2 of PCI Data Security Standard released

The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today announces general availability of version 1.2 of the PCI DSS.  

This latest version is the culmination of two years of feedback and suggestions from its industry stakeholders and is designed to clarify and ease implementation of the foremost standard for cardholder account security.  Version 1.2 is effective immediately and version 1.1 of the standard will sunset on Dec. 31, 2008.  The updated standard and supporting documentation is available on the Council’s Web site.

The Council previously announced the summary of changes between version 1.1 and version 1.2 to ensure awareness of the coming latest changes to the standard.

 Version 1.2 includes clarifications and explanations of the requirements that improve flexibility to meet today’s security challenges and ensure organization’s can adequately comply with the standard.  While version 1.2 does not introduce any new major requirements to the existing 12 in place since the Council’s inception, the updates do change some practices, such as the sun-setting of implementations of Wired Equivalent Privacy (WEP) wireless security by June, 2010. Â