PCI in Review

The number of customer data breaches has reportedly decreased from over 350 million in 2008 to less than 4 million in 2010, according to Verizon Communications research. Visa Inc., along with the PCI Council, instituted programs to encourage more usage of EMV (chip and pinpad or smartcard) with incentives to reduce PCI compliance fees if they met implementation deadlines.
Visa issued its own study showing that in 2010 there was a larger percentage of payment service providers that were improving their PCI compliance.

  • In January 2011 Version 2.0 of PCI DSS and PA-DSS became effective.
  • In February 2011 the PCI Council announced newly enhanced educational offerings.
  • In March 2011 the PCI Council strengthened approved scanning vendor programs with a new PCI DSS training program.
  • In June the PCI Council announced that PCI Awareness online training is now available as well as virtualization guidelines for PCI compliance.
  • In August 2011 the PCI Council released guidelines for the tokenization security process as well as PCI wireless guidelines.
  • In September the PCI Council published requirements for using advanced, E2E (end to end), and encryption to limit PCI scope.
  • In October 2011, after stating that it would no longer approve any mobile application as PCI certified, the PCI Council announced that it would offer testing for encryption used in new mobile devices that manufacturers were developing or that merchants had in use.
  • In November 2011 the PCI Council announced that special interest groups would be involved in studying online and cloud computing security in 2012 to establish new security compliance standards.

PCI will continue to grow and evolve. If you have not started addressing PCI in your business, there is no better time than now to begin. Make it your New Year’s resolution to reach out for assistance and protect yourself as soon as possible. Contact an STCR Representative for more information at (607) 757-0181.