The latest payment card industry data security standards released in a report from the PCI Security Standards Council didn't bring with them any "new major requirements," but made many of the basic measures more clear. Notable changes include a greater focus on storing and managing cardholder data and the ability for organizations to more effectively and specifically prioritize vulnerabilities.
"The nature of the changes is a testament to the strength and growing global maturity of the standards as a framework for securing cardholder data," said Bob Russo, general manager of the council. More than 1,500 people from 600 organizations around the world took part in the council's annual community meetings to help finalize the Version 2.0 requirements, the report said.
The new rules for PCI DSS and Payment Application Data Security Standards will take effect January 1, 2011.