Penetration Testing mailing list archives
Re: PCI DSS standards.
From: "David M. Zendzian" <dmz () dmzs com>
Date: Fri, 04 May 2007 08:47:17 -0400
Everyone is required to be compliant with the existing standard. There is no "law" but there are fines that can come if you are still storing track data, CVV2(CVC2/...), not encrypting PAN, etc. EU also has chip&pin which has a few other requirements other than the standard PCI requirements.
But basically, _everyone_ is required to be compliant. I don't know the exact date for requiring non-storage of track data in the UK but if you are a level 1 service provider or merchant & haven't had your on-site assessment I would really get on it so you don't get caught with unexpected fines.
First & foremost, check with your acquiring bank.

Good luck
David

Lee Lawson wrote:
Hi all,

Does anyone know when the Payment Card Industry Data Security Standard (PCI DSS) becomes compulsory in the United Kingdom? I have read that it was made compulsory in June 2005, but I think that date refers to the USA. Is it also becoming law?

I have tried to find the answer at pcistandards council website but to no avail?