BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
PCI 3.0 special report: Reviewing the state of payment card compliance
-
Article
PCI 3.0: New requirements cover pen testing, service providers
Version 3.0 of the Payment Card Industry Data Security Standard has few surprises, but a host of new requirements and challenges for merchants. Read Now
-
Article
PCI DSS version 3.0 analysis: The five most important changes
PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later. Read Now
-
Article
PCI QSA analysis: PCI DSS 3.0 is a step forward
A veteran Qualified Security Assessor believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes. Read Now
-
Article
PCI DSS review: Assessing the PCI standard nine years later
As the industry preps for PCI DSS 3.0, compliance expert Mike Chapple reviews PCI's successes and failures. Has it made card data more secure? Read Now
Editor's note
It's been three years in the making. The third iteration of the Payment Card Industry Data Security Standard, arguably enterprise information security's most important and successful mandate, updates the rules merchants must follow to protect customer payment card data.
PCI DSS 3.0 raises the bar for vulnerability assessments, password management and provider compliance. Which changes will have the greatest effect on the PCI compliance process? Does PCI 3.0 go too far, or not far enough? How should enterprises prepare for PCI 3.0 assessments in 2015? We tackle those questions and more in this exclusive SearchSecurity special report.
1PCI SSC leaders answer questions on PCI 3.0
Listen to an exclusive interview with the top executives of the PCI Security Standards Council.
2PCI DSS: A history in pictures
SearchSecurity is pleased to present an original visual timeline detailing the history of the PCI DSS, listing dates, events and people that have been crucial in the creation and evolution of the payment card industry compliance mandate.
3Bonus content: Events in PCI DSS history
As a supplement to our "Visual timeline: The history of PCI DSS," review these historical articles detailing notable events that shaped the creation and development of the Payment Card Industry Data Security Standard.
-
Article
Lack of guideline uniformity puts Visa merchants in quandary
Compliance with Visa's 2001 mandate may be hard because of a lack of uniformity between Visa's North American and International divisions' guidelines. Read Now
-
Article
Swiping back: Praise for PCI Data Security Standard
PCI is winning praise from security experts for providing specific requirements on encrypting data, implementing access controls and configuring firewalls. Read Now
-
Article
New PCI Council details changes to Data Security Standard
Version 1.1 clarifies existing requirements, as well as adds some requirements, but contrary to speculation over the past few months, it does not relax or water down security requirements for merchants and vendors. Read Now
-
Article
TJX breach worse than originally feared
Customers who used their cards at the company's stores between January 2003 and June 2004 were discovered to be at risk. Read Now
-
Article
PCI DSS assessors see lessons in TJX data breach
According to several PCI auditors, companies should study the TJX security breach for clear lessons on what not to do with customer data. Read Now
-
Article
First Data CISO calls for PCI DSS changes
Phil Mellinger, who developed the precursor to the current PCI DSS rules, is calling for an overhaul to eliminate subjectivity. Read Now
-
Article
PCI DSS: The bar should not be lowered
PCI SSC general manager Bob Russo says the baseline principle of protecting customer data will not be advanced by a loosening of PCI DSS requirements. Read Now
-
Article
PCI Council adds new standard for payment applications
The new Payment Application Data Security Standard, or PA-DSS, is based on Visa's Payment Application Best Practices, or PABP. Read Now
-
Article
In FTC settlement, TJX agrees to 20 years of audits
TJX agreed to implement tighter security and allow its data to be audited to settle charges that its poor security led to the massive data security breach. Read Now
-
Article
PCI SSC launches assessor quality assurance program
The program will involve staff members who will be dedicated to quality assurance, and will evaluate feedback from merchants on assessors. Read Now
-
Article
Expert predicts PCI DSS problems for retailers
An expert says it could cost millions of dollars for retailers to rip and replace outdated systems and devices still using Wired Equivalent Privacy, or WEP, to secure 802.11 Wi-Fi networks. Read Now
-
Article
Heartland breach highlights PCI DSS limitations
Eric Ogren says the standard is often overkill for enterprises and the prescriptive nature of PCI inhibits innovation in such areas as virtualization and cloud computing. Read Now
-
Article
TJX, Heartland hacker sentenced to 20 years in prison
A federal judge sentenced Albert Gonzalez to 20 years in prison for his involvement in a series of massive data security breaches at Heartland Payment Systems and other companies. Read Now
-
Article
PCI DSS 2.0 addresses secure coding, key management
Minor changes will be the rule for the 2.0 iteration of PCI DSS, including clarifications on secure coding and key management and a change that recommends merchants use data discovery tools to find cardholder data before a PCI assessment. Read Now
-
Article
PCI DSS risk assessment methodology unique to each company
According to a new report by the PCI SSC, organizations need to create a risk assessment methodology that works for their specific business environment. Read Now
4Your questions answered
SearchSecurity experts Mike Chapple (enterprise compliance, standards and frameworks) and Joseph Granneman (security management) are standing by to answer your questions about PCI DSS compliance.