IMGCAP(1)]
Forthcoming changes in Version 1.2 of the Payment Card Industry Data Security Standard that go into effect Oct. 1 do not include major new requirements, the Payment Card Industry Security Standards Council announced yesterday. However, the new version does clarify the requirements in version 1.1, according to the Wakefield, Mass.-based council. For instance, version 1.2 adds to requirement eight of the standard, which says testing procedures must verify passwords are unreadable in storage and transmission. Version 1.2 clarifies requirement eight in part by requiring merchants to assign a unique identification aspect to each person with computer access. Version 1.2 will become effective upon its release. However, the council has not said when assessors should stop using the older version. "Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices," Bob Russo, council general manager, said in a statement. The council intends to update the Data Security Standard every two years. A council representative was not available for comment by CardLine deadline.
