Re: Next Version of PCI???

thomas.chen · ‎04-18-2007

Does anyone know when the next version of PCI comes out? Should I worry about PCI 1.1 now or wait until the next version of PCI comes out?

TIA

Thomas

tsteger1 · ‎04-19-2007

1.0 was released in Jan 2005 and was good for 2 years.

1.1 might be good until mid 2008 since it was released in September 2006.

I didn't see anything about when the next version was due on their web site.

I'd go with 1.1 now since it is fairly recent.

Tom

paujones · ‎04-19-2007

Thomas,

PCI DSS 1.1 is the current standard and should be followed by Retailers or anyone who tranports payment card information.

PCI DSS 1.0, based on the VISA Cardholder Information Security Program (CISP), came out in late 2004, was supposed to be in effect for Tier 1 Merchants by June 2005, and was not revised until Sept 2006. Based on that timetable, PCI does not seem to come out with new specs every year.

We've heard that PCI plans to incorporate the Visa Payment Application Best Practice (PABP) guidelines into something called the PCI Payment Application Security Standard (PASS) which should go into effect in 2008. Those guidelines are around payment devices and Payment systems and not really about the network that processes or transports the data. Companies like Verifone, Ingenico, and Hypercom, or any others that manufacture certified payment devices (with built in encryption) will be asked to follow the new, stricter PASS guidelines.

mimishaw · ‎04-27-2007

PCI 1.1 is best practice until June of 2008 and then it is mandatory - https://www.pcisecuritystandards.org/