Home page logo

pen-test logo Penetration Testing mailing list archives

Re: PCI DSS standards.
From: "David M. Zendzian" <dmz () dmzs com>
Date: Fri, 04 May 2007 08:47:17 -0400

Everyone is required to be compliant with the existing standard. There is no "law" but there are fines that can come if you are still storing track data, CVV2(CVC2/...), not encrypting PAN, etc. EU also has chip&pin which has a few other requirements other than the standard PCI requirements.

But basically, _everyone_ is required to be compliant. I don't know the exact date for requiring non-storage of track data in the UK but if you are a level 1 service provider or merchant & haven't had your on-site assessment I would really get on it so you don't get caught with unexpected fines.

First & foremost, check with your acquiring bank.

Good luck

Lee Lawson wrote:
Hi all,

Does anyone know when the Payment Card Industry Data Security Standard
(PCI DSS) becomes compulsory in the United Kingdom?  I have read that
it was made compulsory in June 2005, but I think that date refers to
the USA.

Is it also becoming law?

I have tried to find the answer at pcistandards council  website but
to no avail?

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]