Next Version of PCI???

Unanswered Question
Apr 18th, 2007
User Badges:
  • Silver, 250 points or more

Does anyone know when the next version of PCI comes out? Should I worry about PCI 1.1 now or wait until the next version of PCI comes out?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
tsteger1 Thu, 04/19/2007 - 12:25
User Badges:
  • Red, 2250 points or more

1.0 was released in Jan 2005 and was good for 2 years.

1.1 might be good until mid 2008 since it was released in September 2006.

I didn't see anything about when the next version was due on their web site.

I'd go with 1.1 now since it is fairly recent.


paujones Thu, 04/19/2007 - 21:27
User Badges:
  • Cisco Employee,


PCI DSS 1.1 is the current standard and should be followed by Retailers or anyone who tranports payment card information.

PCI DSS 1.0, based on the VISA Cardholder Information Security Program (CISP), came out in late 2004, was supposed to be in effect for Tier 1 Merchants by June 2005, and was not revised until Sept 2006. Based on that timetable, PCI does not seem to come out with new specs every year.

We've heard that PCI plans to incorporate the Visa Payment Application Best Practice (PABP) guidelines into something called the PCI Payment Application Security Standard (PASS) which should go into effect in 2008. Those guidelines are around payment devices and Payment systems and not really about the network that processes or transports the data. Companies like Verifone, Ingenico, and Hypercom, or any others that manufacture certified payment devices (with built in encryption) will be asked to follow the new, stricter PASS guidelines.


This Discussion