Home page logo

pen-test logo Penetration Testing mailing list archives

RE: PCI DSS standards.
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 4 May 2007 10:24:04 -0400

Does anyone know when the Payment Card Industry Data Security Standard
(PCI DSS) becomes compulsory in 
the United Kingdom?  I have read that it was made compulsory in June 2005,
but I think that date refers 
to the USA.

I believe that PCI has been in effect worldwide since January 2005.  As far
as it being compulsory, that's up to the individual card schemes that you do
business with.  PCI Advisory Council doesn't enforce audits or impose
penalties, only the card schemes (Visa, Amex, etc.) do that.

Is it also becoming law?

One of the goals of PCI was to standardize the existing processor/merchant
security requirements that the big card schemes were already trying to
enforce individually.  Another goal is self-regulation of the industry, in
hopes of preventing any such laws from being enacted.  At this time I am not
aware of any pending US legislation that would regulate the security of
credit card processors.  I don't know about the UK or anywhere else.


This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]