Penetration Testing mailing list archives

RE: PCI DSS standards.


From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 4 May 2007 10:24:04 -0400

Does anyone know when the Payment Card Industry Data Security Standard
(PCI DSS) becomes compulsory in the United Kingdom?  I have read that it
was made compulsory in June 2005, but I think that date refers to the USA.

I believe that PCI has been in effect worldwide since January 2005.  As far
as it being compulsory, that's up to the individual card schemes that you do
business with.  PCI Advisory Council doesn't enforce audits or impose
penalties, only the card schemes (Visa, Amex, etc.) do that.


Is it also becoming law?

One of the goals of PCI was to standardize the existing processor/merchant
security requirements that the big card schemes were already trying to
enforce individually.  Another goal is self-regulation of the industry, in
hopes of preventing any such laws from being enacted.  At this time I am not
aware of any pending US legislation that would regulate the security of
credit card processors.  I don't know about the UK or anywhere else.

PaulM



