Credit card security to adapt to virtualisation

Summary:The latest edition of the rules governing online credit-card transactions now have provisions for functions involving some virtual environments

The second edition of the Payment Card Industry Data Security Standard was released on Thursday and contains minor changes to take virtualisation into account and increase security levels.

The Payment Card Industry Data Security Standard (PCI DSS) mandates that organisations handling payment-card data adopt a minimum security posture for the processing of credit-card transactions. Annual compliance validation is handled either internally or by external independent Qualified Security Assessors, depending on the size of the organisation.

Virtualised systems are now included in the new agreement [PDF] as part of the PCI DSS system components, specifically in requirement 2.2.1, which details how compliance functions relate to some virtual environments. The PCI Special Interest Group, composed of auditors, merchants and financial institutions, will flesh out how other environments will affect the standard.

For more on this ZDNet UK-selected story, see PCI DSS 2.0 released, makes virtual ripples on ZDNet Australia.

Topics: Legal


Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.