Penetration Testing
mailing list archives
Re: PCI DSS standards.
From: "David M. Zendzian" <dmz () dmzs com>
Date: Fri, 04 May 2007 08:47:17 -0400
Everyone is required to be compliant with the existing standard. There
is no "law" but there are fines that can come if you are still storing
track data, CVV2(CVC2/...), not encrypting PAN, etc. EU also has
chip&pin which has a few other requirements other than the standard PCI
requirements.
But basically, _everyone_ is required to be compliant. I don't know the
exact date for requiring non-storage of track data in the UK but if you
are a level 1 service provider or merchant & haven't had your on-site
assessment I would really get on it so you don't get caught with
unexpected fines.
First & foremost, check with your acquiring bank.
Good luck
David
Lee Lawson wrote:
Hi all,
Does anyone know when the Payment Card Industry Data Security Standard
(PCI DSS) becomes compulsory in the United Kingdom? I have read that
it was made compulsory in June 2005, but I think that date refers to
the USA.
Is it also becoming law?
I have tried to find the answer at the pcistandards council website but
to no avail?