PCI DSS Version 2.0 was released on October 28, 2010. While it did not include any significant new requirements, it did provide greater clarity and flexibility to improve understanding, particularly for merchants. Guidance was provided on the security of virtual IT environments and on adopting a risk-based approach that allows an organisation to rank vulnerabilities according to risk.
In essence, the Standard requires merchants and member service providers (MSPs) that store, process or transmit cardholder data to:
- Build and maintain a secure IT network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy.
You will find lots of useful information on our dedicated PCI Webpage.
Best-selling PCI DSS implementation resource:
If you want to simplify the business of PCI DSS compliance, this toolkit is for you!