Penetration Testing mailing list archives

Re: PCI DSS standards.


From: "David M. Zendzian" <dmz () dmzs com>
Date: Fri, 04 May 2007 08:47:17 -0400

Everyone is required to be compliant with the existing standard. There is no "law", but there are fines that can come if you are still storing track data, CVV2 (CVC2/...), not encrypting PAN, etc. The EU also has chip & PIN, which has a few other requirements beyond the standard PCI requirements.

But basically, _everyone_ is required to be compliant. I don't know the exact date for requiring non-storage of track data in the UK but if you are a level 1 service provider or merchant & haven't had your on-site assessment I would really get on it so you don't get caught with unexpected fines.

First & foremost, check with your acquiring bank.

Good luck
David

Lee Lawson wrote:
Hi all,

Does anyone know when the Payment Card Industry Data Security Standard
(PCI DSS) becomes compulsory in the United Kingdom?  I have read that
it was made compulsory in June 2005, but I think that date refers to
the USA.

Is it also becoming law?

I have tried to find the answer on the PCI Standards Council website but
to no avail.


