Penetration Testing mailing list archives
RE: PCI DSS standards.
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 4 May 2007 10:24:04 -0400
Does anyone know when the Payment Card Industry Data Security Standard (PCI DSS) becomes compulsory in the United Kingdom? I have read that it was made compulsory in June 2005, but I think that date refers to the USA.
I believe that PCI has been in effect worldwide since January 2005. As far as it being compulsory, that's up to the individual card schemes that you do business with. PCI Advisory Council doesn't enforce audits or impose penalties, only the card schemes (Visa, Amex, etc.) do that.
Is it also becoming law?
One of the goals of PCI was to standardize the existing processor/merchant security requirements that the big card schemes were already trying to enforce individually. Another goal is self-regulation of the industry, in hopes of preventing any such laws from being enacted. At this time I am not aware of any pending US legislation that would regulate the security of credit card processors. I don't know about the UK or anywhere else.
PaulM