PCI DSS 2.0 released - What does it mean for you?

The new version of the PCI DSS requirements were released last Fall. If you were thinking that the new version would bring you enough work to occupy your every moment for the next several months, fear not. The changes from version 1.2 to version 2.0 are relatively minor, primarily clarifications to a number of existing requirements to give clearer explanations as to the true intent of the requirement. You can download the new requirements here.

The true cost of non-compliance

Cardholder data represents a large risk to any company that holds, processes, or transfers it. Fines levied by card issuers such as Visa and Mastercard can be extremely costly, not to mention the costs of notifying cardholders of a breach, legal action, and loss of your valuable reputation. While large enterprises typically take steps to ensure their PCI compliance, many small to mid sized firms fail to do so, believing that compliance is too difficult or costly.

The good news is that achieving compliance is often less difficult than imagined, and many requirements of PCI-DSS represent good information security practices you should already have in place. Deployment of other specialized tools such as integrity and compliance monitoring should be implemented to allow you greater insight into your PCI environment and automate checking of system settings for compliance. While achieving and maintaining PCI compliance is not without cost, costs should be weighed against the risk to your enterprise should a breach occur.