Business

Credit card security to adapt to virtualisation

The latest edition of the rules governing online credit-card transactions now have provisions for functions involving some virtual environments

Written by Darren Pauli, Contributor Oct. 29, 2010 at 2:44 a.m. PT

The second edition of the Payment Card Industry Data Security Standard was released on Thursday and contains minor changes to take virtualisation into account and increase security levels.

The Payment Card Industry Data Security Standard (PCI DSS) mandates that organisations handling payment-card data adopt a minimum security posture for the processing of credit-card transactions. Annual compliance validation is handled either internally or by external independent Qualified Security Assessors, depending on the size of the organisation.

Virtualised systems are now included in the new agreement [PDF] as part of the PCI DSS system components, specifically in requirement 2.2.1, which details how compliance functions relate to some virtual environments. The PCI Special Interest Group, composed of auditors, merchants and financial institutions, will flesh out how other environments will affect the standard.

For more on this ZDNet UK-selected story, see PCI DSS 2.0 released, makes virtual ripples on ZDNet Australia.

Editorial standards

Show Comments

Credit card security to adapt to virtualisation

Related

The work laptop I recommend to most people is not made by Apple or Lenovo

7 reasons I use Copilot instead of ChatGPT

Have an old Kindle? Whatever you do, do not do this one thing