Summary of changes to PCI DSS 1.2 for October 2008


There were two press releases released by the Payment Card Industry Security Standards Council (PCIco) today:

The first item lists a summary of changes we should expect in PCI 1.2 which will be released in October 2008

Changes to the PCI DSS include clarifications and explanations to the requirements,
with these clarifications offering improved flexibility to address today’s security challenges in the payment card transaction environment

The following are the main highlights:

  • WEP is no longer allowed and is being phased out

  • Wireless must now be implemented according to industry best practices (e.g., IEEE 802.11x) using strong encryption for authentication and transmission.

  • New implementations of WEP are not allowed after March 31, 2009.

  • Current implementations must discontinue use of WEP after June 30, 2010

  • Use of anti-virus software applies to all operating system types

  • Flexibility to the patching requirement by specifying that a risk-based approach may be used to prioritize patch installation

  • Various re-wording of items for clarification purposes.

Get the details here:

The Payment Card Industry Data Security Standard (DSS) v 1.2 will replace the DSS v. 1.1 on October 1, 2008. This Summary of Changes document provides an overview of the significant differences between the two versions.

The last item relates the the webinar:

“A Perfect Fit - Understanding the Interrelationship of the PCI Standards,” to be held on Thursday August 21, 2008 at 9:00 a.m. EDT and a second session the same day at 7:30 p.m. EDT.

Webinar participants will discover:

• How the PCI DSS, PA-DSS and PED Security Requirements interrelate;
• Why merchants should know about PA-DSS and PED;
• Why incorporating PCI standards is your best approach to protecting cardholder
• Using PCI standards as a model for data security.

To register for the Thursday, September 4, 2008 session at 9:00 a.m. EDT session, visit or for the 7:30 p.m. EDT session. The morning webinar


Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now