Media Release: The new PCI DSS Version 2 is effective. What now?, asks commissum

SAYS information security consultants, commissum: “The PCI Security Standards Council (PCI SSC) is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS).

“The PCI SCC has released the new version 2 of its PCI Data Security Standard (PCI DSS) which has become effective on 1st January 2011.

“The new standard begins the three-year lifecycle that allows for validation against the previous version of the standard (1.2.1) until 31st December 2011. This provides stakeholders time to understand and implement the new version of the standard as well as provide feedback. The PCI SCC encourages organisations to transition to the updated version as soon as possible.”

“The changes in version 2.0 introduce no new major requirements. The majority of changes are modifications to the language to clarify the meaning of the requirements and make understanding and adoption easier. Many of the revisions reinforce the need for a thorough scoping exercise prior to assessment in order to: understand where cardholder data resides; reduce the infrastructure and applications subject to the standard; allow organizations to adopt a risk-based approach when assessing; and prioritising vulnerabilities based on specific business circumstances.”

Principal assurance consultant, André Coner, of information security consultants, says that many organisations fail to adequately segment the cardholder data environment from the remainder of its network and therefore are significantly increasing the complexity and cost of their PCI DSS compliance.

“Without adequate network segmentation, the entire network is in scope of the PCI DSS assessment. Segmentation is therefore strongly recommended as it will reduce the scope and cost of the PCI DSS assessment. It also reduces the cost and difficulty of implementing and maintaining the PCI DSS controls.”

About commissum:

With 20 years of experience, commissum is adept at offering practical advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation’s information assets.

Quay House,

142 Commercial Street,

Leith, Edinburgh,

EH6 6LB,


United Kingdom

t: 0845 644 3217

f: 0845 644 3218

PRESS RELEASE issued by QueryClick. You too can post media releases (aka story ideas for journalists) on For more information, email here.

Contact: Donald Stephenson
Phone: 0131 556 7078