04-18-2007 05:40 AM - edited 03-09-2019 05:49 PM
Does anyone know when the next version of PCI comes out? Should I worry about PCI 1.1 now or wait until the next version of PCI comes out?
TIA
Thomas
04-19-2007 12:25 PM
1.0 was released in Jan 2005 and was good for 2 years.
1.1 might be good until mid 2008 since it was released in September 2006.
I didn't see anything about when the next version was due on their web site.
I'd go with 1.1 now since it is fairly recent.
Tom
04-19-2007 09:27 PM
Thomas,
PCI DSS 1.1 is the current standard and should be followed by Retailers or anyone who tranports payment card information.
PCI DSS 1.0, based on the VISA Cardholder Information Security Program (CISP), came out in late 2004, was supposed to be in effect for Tier 1 Merchants by June 2005, and was not revised until Sept 2006. Based on that timetable, PCI does not seem to come out with new specs every year.
We've heard that PCI plans to incorporate the Visa Payment Application Best Practice (PABP) guidelines into something called the PCI Payment Application Security Standard (PASS) which should go into effect in 2008. Those guidelines are around payment devices and Payment systems and not really about the network that processes or transports the data. Companies like Verifone, Ingenico, and Hypercom, or any others that manufacture certified payment devices (with built in encryption) will be asked to follow the new, stricter PASS guidelines.
04-27-2007 06:08 AM
PCI 1.1 is best practice until June of 2008 and then it is mandatory - https://www.pcisecuritystandards.org/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide