The PCI Security Standards Council released version 2.0 of the Payment Card Industry Data Security Standard (“PCI DSS”) today. While the standard takes effect on Jan. 1, 2011, entities have until Dec. 31, 2011 to become compliant.
Most of the changes to the standard are relatively minor and focus mainly on clarifying language, both in the requirements themselves and in the guidance on compliance and on how to evaluate compliance with certain requirements. One important addition is the emphasis on performing a detailed assessment of all the places where the entity collects, processes, and stores cardholder data to ensure that all those places are included in the assessment.
Version 2.0 of the PCI DSS, a summary of the changes, and other supporting documentation can be found on the PCI Security Standards Council’s website.