PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate

By: Gene Geiger, Partner of A-LIGN

Following the 36 month lifecycle the PCI Security Standards Council (“Council”) has established for the published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before it will be released on November 7, 2013.

Through several webinars and documents provided to stakeholders, the Council has provided information on the final draft in order to receive feedback at the 2013 Community that will be held in Las Vegas September 24 – 26.

The core twelve requirements remain the same, but after a review of the changes and guidance provided by the Council, the change to Version 3.0 is more comprehensive than we experienced with previous version changes. However, due to the impact of these changes and the time it may take to fully comply with the requirements of Version 3.0, Version 2.0 may be used for assessment until December 31, 2014. Nonetheless, the Council encourages adoption of Version 3.0 as soon as practical. Continue reading “PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate”