PCI Update

Recently updated guidelines found on the PCI DSS website.

PCI DSS Wireless Guidelines
There is now information pertaining to Bluetooth devices and rogue wireless access points, as well as some recommended methods for testing and detecting rogue wireless access points per the PCI DSS 2.0 requirements in part 11.1.
https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guideline_with_WiFi_and_Bluetooth_082211.pdf

PCI DSS Tokenization Guidelines

The guide contains the following key principles related to the use of tokenization and its relationship to PCI DSS:

1. Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which PCI DSS requirements apply.

2. Verifying the effectiveness of a tokenization implementation is necessary and includes confirming that PAN is not retrievable from any system component removed from the scope of PCI DSS.

3. Tokenization systems and processes must be protected with strong security controls and monitoring to ensure the continued effectiveness of those controls.

4. Tokenization solutions can vary greatly across different implementations, including differences in deployment models, tokenization and de-tokenization methods, technologies, and processes. Merchants considering the use of tokenization should perform a thorough evaluation and risk analysis to identify and document the unique characteristics of their particular implementation, including all interactions with payment card data and the particular tokenization systems and processes.