PCI 3.0 special report: Reviewing the state of payment card compliance

• 

  Article

  PCI 3.0: New requirements cover pen testing, service providers

  Version 3.0 of the Payment Card Industry Data Security Standard has few surprises, but a host of new requirements and challenges for merchants. Read Now

• 

  Article

  PCI DSS version 3.0 analysis: The five most important changes

  PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later. Read Now

• 

  Article

  PCI QSA analysis: PCI DSS 3.0 is a step forward

  A veteran Qualified Security Assessor believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes. Read Now

• 

  Article

  PCI DSS review: Assessing the PCI standard nine years later

  As the industry preps for PCI DSS 3.0, compliance expert Mike Chapple reviews PCI's successes and failures. Has it made card data more secure? Read Now

Editor's note

It's been three years in the making. The third iteration of the Payment Card Industry Data Security Standard, arguably enterprise information security's most important and successful mandate, updates the rules merchants must follow to protect customer payment card data.

PCI DSS 3.0 raises the bar for vulnerability assessments, password management and provider compliance. Which changes will have the greatest effect on the PCI compliance process? Does PCI 3.0 go too far, or not far enough? How should enterprises prepare for PCI 3.0 assessments in 2015? We tackle those questions and more in this exclusive SearchSecurity special report.

1PCI DSS: A history in pictures

SearchSecurity is pleased to present an original visual timeline detailing the history of the PCI DSS, listing dates, events and people that have been crucial in the creation and evolution of the payment card industry compliance mandate.

• Article

  Visual timeline: The history of PCI DSS

  The origins of the PCI Data Security Standard date to the late 1990s. Explore key events in the history of PCI DSS, from Y2K to PCI DSS 3.0. Read Now

2Bonus content: Events in PCI DSS history

As a supplement to our "Visual timeline: The history of PCI DSS," review these historical articles detailing notable events that shaped the creation and development of the Payment Card Industry Data Security Standard.

• Article

  Swiping back: Praise for PCI Data Security Standard

  PCI is winning praise from security experts for providing specific requirements on encrypting data, implementing access controls and configuring firewalls. Read Now

• Article

  New PCI Council details changes to Data Security Standard

  Version 1.1 clarifies existing requirements, as well as adds some requirements, but contrary to speculation over the past few months, it does not relax or water down security requirements for merchants and vendors. Read Now

• Article

  PCI DSS assessors see lessons in TJX data breach

  According to several PCI auditors, companies should study the TJX security breach for clear lessons on what not to do with customer data. Read Now

• Article

  First Data CISO calls for PCI DSS changes

  Phil Mellinger, who developed the precursor to the current PCI DSS rules, is calling for an overhaul to eliminate subjectivity. Read Now

• Article

  PCI DSS: The bar should not be lowered

  PCI SSC general manager Bob Russo says the baseline principle of protecting customer data will not be advanced by a loosening of PCI DSS requirements. Read Now

• Article

  PCI Council adds new standard for payment applications

  The new Payment Application Data Security Standard, or PA-DSS, is based on Visa's Payment Application Best Practices, or PABP. Read Now

• Article

  PCI SSC launches assessor quality assurance program

  The program will involve staff members who will be dedicated to quality assurance, and will evaluate feedback from merchants on assessors. Read Now

• Article

  Heartland breach highlights PCI DSS limitations

  Eric Ogren says the standard is often overkill for enterprises and the prescriptive nature of PCI inhibits innovation in such areas as virtualization and cloud computing. Read Now

• Article

  TJX, Heartland hacker sentenced to 20 years in prison

  A federal judge sentenced Albert Gonzalez to 20 years in prison for his involvement in a series of massive data security breaches at Heartland Payment Systems and other companies. Read Now

• Article

  PCI DSS risk assessment methodology unique to each company

  According to a new report by the PCI SSC, organizations need to create a risk assessment methodology that works for their specific business environment. Read Now