The Payment Card Industry Security Standards Council regularly publishes new and more effective versions of PCI DSS. The most recent of these compliance standards is version 1.2, which has 12 requirements for enhancing payment account security. These requirements are designed to address a broad range of data security concerns, from software design to policies and procedures. Version 1.2 is not intended to change the existing DSS, but only to provide added security in a time when many feel it is most needed.
There are two notable changes. One requires that off-site data storage locations be visited and validated as compliant with PCI DSS. The other imposes a sunset date on the use of Wired Equivalent Privacy (WEP). For those of us who don’t speak techie, WEP is a wireless encryption scheme intended to protect data as it travels across wireless networks. In previous posts, I have talked about WEP having to be upgraded to Wi-Fi Protected Access (WPA) by June 30th, 2010.
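The WEP sunset is the one change in this post that a merchant can check for themselves: every wireless network that carries cardholder data must be on WPA (or later) by the deadline. The script below is an added example, not code from the post or from the PCI Council; it audits a small access-point inventory against the June 30th, 2010 sunset date. The inventory format (`site,ssid,encryption` lines) and the sample entries are constructed for the example, not real data.

```python
from datetime import date

# Sunset date for WEP stated in the post (PCI DSS 1.2): June 30, 2010.
WEP_SUNSET = date(2010, 6, 30)

# Constructed sample inventory, not real data: one access point per line,
# "site,ssid,encryption". The format is an assumption made for this example.
SAMPLE_INVENTORY = """\
store-12,POS-WIFI,WEP
store-12,GUEST,WPA2
warehouse-3,SCANNERS,wep
hq,CORP,WPA
hq,LEGACY,unknown
"""


def parse_inventory(text):
    """Parse the constructed CSV-like inventory into (site, ssid, encryption) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise ValueError(f"malformed inventory line: {raw!r}")
        records.append(tuple(parts))
    return records


def audit_wep(text, as_of):
    """Return findings for access points that are not on WPA/WPA2.

    Each finding is a dict with the site, SSID and a status:
      - 'violation' for WEP once the audit date is past the sunset date,
      - 'warning'   for WEP while the sunset date has not yet passed,
      - 'review'    for any encryption value that is neither WEP nor WPA/WPA2,
                    so an unrecognised setting is never silently treated as compliant.
    """
    findings = []
    for site, ssid, enc in parse_inventory(text):
        kind = enc.upper()
        if kind == "WEP":
            status = "violation" if as_of > WEP_SUNSET else "warning"
            findings.append({"site": site, "ssid": ssid, "status": status})
        elif kind not in ("WPA", "WPA2"):
            findings.append({"site": site, "ssid": ssid, "status": "review"})
    return findings


if __name__ == "__main__":
    # Run the audit as of today and print one line per finding.
    for finding in audit_wep(SAMPLE_INVENTORY, date.today()):
        print(f"{finding['status']:9} {finding['site']}/{finding['ssid']}")
```

Passing the audit date in explicitly, rather than reading the clock inside `audit_wep`, lets the same function show what the inventory looked like before the deadline (WEP is only a warning) and after it (WEP is a violation), which is useful when disputing a processor's compliance claims with dated evidence.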
Here are the 12 core requirements as outlined by the card associations:
Many acquirers and large ISOs have begun charging PCI compliance fees to their merchants to offset the costs they have had to incur in becoming compliant. As a merchant, I would want to know why they were not compliant to begin with and why I am being charged an additional amount for something they should already be doing. Online merchants can take matters into their own hands and ensure that their networks are following current PCI DSS guidelines and dispute compliance fees that are charged to them directly by their processor.