PCI 2.0 guide: How have PCI compliance requirements changed?

In this PCI 2.0 learning guide, you will learn how the PCI compliance requirements have changed, whether those changes have improved the standard and how the changes will affect your enterprise's compliance programs and processes.

The Payment Card Industry Data Security Standard (PCI DSS) has not had an update since version 1.2 in October 2008, but that has changed with version 2.0 of PCI DSS (.pdf), which was published Oct. 28, 2010. The recent "Summary of Changes" document released by the PCI Security Standards Council (SSC) on Aug. 12 covers the proposed changes in version 2.0, and as experts expected, few alterations were made between the summary and the final release.

In this PCI 2.0 learning guide, we will discuss how the Payment Application Data Security Standard (PA DSS) and PCI compliance requirements have changed, examine why the changes were made and explain how PCI 2.0 will affect your enterprise.

PCI 2.0: Changes aren't drastic, but don't address card brand autonomy
With the new version of PCI DSS now available, many organizations are wondering how their current compliance programs and processes will be affected. Will new controls be needed? How will the standard handle emerging technologies like tokenization and server virtualization in the card data environment?

In this analysis of the changes in PCI DSS version 2.0, PCI expert Diana Kelley of consultancy SecurityCurve highlights the pros and cons of changes in PCI 2.0 and claims that while most merchants' compliance programs won't be drastically affected, some of the standard's key shortcomings remain.

PCI 2.0: PCI assessment changes explained
Version 2.0 of PCI DSS could force enterprises to make some changes to their compliance programs, and organizations should begin to think about these potential changes from a PCI assessment standpoint. Fortunately, there's time, but there's still no time to waste.

In this tip, PCI DSS expert Ed Moyle discusses the changes that organizations can expect from the standard's new version, specifically detailing how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.

PCI DSS 2.0 and virtualization compliance for SMBs
The new 2.0 version of PCI DSS will introduce some revisions to the standard's compliance requirements, including key changes for SMBs in the areas of virtualization and vulnerability assessments.

In this tip, expert Mike Chapple details the changes organizations can expect to see with PCI 2.0 and explains what midmarket firms in particular must do to comply with the new PCI compliance requirements.

PCI Security Standards Council addresses secure coding, key management in PCI DSS 2.0
In version 2.0, the next iteration of PCI DSS, the Payment Card Industry Security Standards Council has made clear its intention to clarify the requirements on secure coding and key management, and has added a change that recommends merchants use data discovery tools to find cardholder data prior to a PCI assessment. This news article highlights these changes, as well as some other aspects of the new version of the standard.

PCI DSS 2.0 brings clarity and guidance for UK merchants
With the debut of PCI DSS 2.0, the PCI SSC focuses on guidance for risk-based compliance, and addresses issues such as virtualization and cloud security.

In this article, UK bureau chief Ron Condon discusses why any organisation handling credit card details will breathe a sigh of relief with the release of PCI 2.0, which introduces few new requirements and offers more clarification and guidance to help merchants with their compliance efforts.


PCI 2.0 and Virtualization

How PCI 2.0 affects virtualization compliance
Before PCI 2.0 was released, many enterprise security and compliance managers wanted to know whether the new standard would cover virtualization compliance.

In this tip, Eric Siebert explains how PCI 2.0 affects virtualization and how the standard offers more guidance on virtualization compliance, and also examines how PCI 2.0 still leaves a lot of room for interpretation.

Virtualization pros grapple with PCI 2.0
While the PCI 2.0 security standard has clarified that server virtualization technology can be used in PCI-regulated environments, users say PCI compliance in virtual environments still has some grey areas.

In this article, Beth Pariseau, senior news writer, discusses how the new standard answers some of the questions formerly surrounding PCI and virtualization, but leaves others unanswered.

VMware and partners release PCI guidance: Virtualization news in brief
In this article, a compilation of news briefs, virtualization product vendors offer guidance for PCI-compliant virtual data centers. These briefs also include news on CA's acquisition of Hyperformix and Zimbra's certification program.

This was last published in October 2010