PCI 2.0: What's New? What Matters? What's Left?

by Dave Hoelzer
Sept. 1, 2017 0 comments SANS Institute Management compliance

Over the last six years,the Payment Card Industry Data Security Standard (PCI DSS) has developed into a workable approach for protecting the handling and processing of payment card transactions.Yet,there are also shortcomings in the PCI DSS, and like all standards,the PCI DSS periodically goes through updates.The latest version—PCI 2.0 released at the end of October 2010—provides updates on virtualization, monitoring and other areas. Other than the explicit inclusion of virtualization (which had been sorely missing in the 1.2 version of the standard), there are no dramatic changes in PCI 2.0. The remainder of this new version should really be called an adjustment or refinement to policies and processes already in place.