The New PCI DSS Version Is Discussed

If you want to know about what’s coming in the next version of the PCI DSS, see this article.

The bottom line is that the new standard will be out in October 2010 and nothing much is changing, just clarifications.  However, this interview with Bob Russo does point out a few interesting tidbits.

The first is that end-to-end encryption sounds great, but needs to be further studied, defined and refined.  In addition, at the end points, the cardholder data must be decrypted, which means your key management procedures need to be bulletproof.  I had put up a series of posts last year right after Heartland discussed using end-to-end encryption.

The second thing I found interesting is his discussion of Chip and PIN.  Yes, Congress found this technology to their liking, but it has its own issues, some of which I discussed in a post a while back.  It’s not a be all to end all, but it does offer some additional features.  However, Mr. Russo neglected the fact that Chip and PIN cards do have magnetic stripes on them to be compatible with the rest of the world.

Finally, there will be more white papers, FAQs and the like written.

In general, not a lot to talk about.  However that can all change between now and then if we see some changes in tactics by the attackers.


0 Responses to “The New PCI DSS Version Is Discussed”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

January 2010

%d bloggers like this: