Understanding the fallout of the PCI DSS 2.0

The new PCI DSS 2.0 standard will have a uniquely long three-year life cycle, does not make any major changes to previous policies and has managed to draw more attention to the Payment Card Industry Data Security Standards than most previous standards.

According to a recent TechTarget report, the PCI DSS 2.0 has given rise to a number of new trends in the industry, as organizations wrestle with the new standard and struggle, to some extent, to get a clear grasp of its mandates.

One of those new trends stems from the three-year lifespan of the new standard. Initially, industry experts, led by Joshua Corman of the 451 Group, were quite skeptical about a three-year standard. They generally believed the technological changes that would occur within those three years would be so substantial that the standard would become irrelevant before being replaced.

However, the TechTarget report said the long lifespan of the PCI DSS 2.0 standard has helped businesses adopt secure policies. Because companies know the standard will not be changing any time soon, they are more willing to do the necessary research and install systems that will properly secure their payment card infrastructure. The confidence that these efforts will not be considered obsolete upon completion is making companies more interested in PCI-related investments, the report said.

The report also emphasized the importance of the quarterly scanning policy in the PCI DSS 2.0. Like previous versions, the PCI DSS 2.0 mandates that companies submit a quarterly audit of all of their networks that handle payment card information. The report said this requirement is stated quite clearly, yet retailers often question it; the quarterly audits of security systems must be carried out by an Approved Scanning Vendor.

In a TechTarget-sponsored panel discussion, industry experts Ed Moyle and Diana Kelley fielded numerous questions regarding PCI compliance issues. One of the questions dealt with the growing trend toward PCI compliance in international markets. Because the PCI standards stem from a joint council of leading financial institutions, they have no national or continental bounds. However, they have spread throughout the world at a varied pace, and one of the questions addressed how PCI standards are beginning to have an impact in the Asia-Pacific region. Moyle and Kelley explained that PCI regulations are becoming active and authoritative throughout the world.