The evolution of the PCI DSS framework
At the Cards & Payments Solutions exhibition, Jeremy King, European Director of the PCI Security Standards Council, outlined how the PCI SSC engages with industry in developing the standards through a consultative, evolutionary process.
This engagement has resulted in the most recent version of the PA DSS, which became effective on January 1st 2011.
Key changes include the expanded definition of system components to include virtual components, and the clarification that all locations and flows of cardholder data should be identified and documented to ensure accurate scoping of the cardholder data environment. An evolving requirement is for payment applications to support centralised logging, in alignment with PCI DSS requirement 10.5.3.
The next UK PCI Community meeting is scheduled to take place in London from the 17th-19th of October 2011.