The PCI Security Standards Council (PCI SSC) has launched version 2.0 of the PCI DSS and PA-DSS (Payment Card Industry Data Security Standard and Payment Application Data Security Standard).
The latest version, which becomes effective on January 1, 2011, is designed to provide greater clarity and flexibility, to improve understanding of the requirements and to ease implementation for merchants.
The standards were the main topic of discussion at the Council’s Annual Community Meetings in Orlando, Florida and Barcelona, Spain, where stakeholders had the opportunity to review the standards.
No new major requirements were introduced in Version 2.0, with the majority of changes being modifications to the language to clarify meanings and make understanding and adoption easier for merchants.
“The nature of the changes is a testament to the strength and growing global maturity of the standard as a framework for securing cardholder data,” said Bob Russo, general manager of the Council. “I want to thank each and every individual and organisation who contributed to the development of these standards. It’s their input that’s critical in making the PCI Security Standards an excellent baseline for protecting payments card data.”
The Council has also launched a new website with updated materials and navigational tools aimed at providing its diverse stakeholders with the targeted information necessary to understand the standards and apply them in their organisations. It also features a dedicated site for this key group with resources to address their unique environments.
The standards, a summary of changes and supporting documents can be found here.
The PCI DSS 2.0 standard, the ‘security rules’ that all organisations that process credit card transactions must meet, has been described as “relatively minor” by the industry. Imperva CTO, Amichai Shulman, said: “The new life cycle allocates one-year for full deployment of the recent standard, one-year of feedback submission and review, and one-year for formalisation of the new revision.
“Since its inception, PCI has expanded awareness to data security risks and has driven major investments in data security technology and processes. The evolution of PCI DSS by the PCI Council is aimed at adapting the standard to the evolving threat and technology landscape, while reducing the cost of compliance. PCI DSS 2.0 is an important step in that direction.”













