Credit card security to adapt to virtualisation

The latest edition of the rules governing online credit-card transactions now have provisions for functions involving some virtual environments
Written by Darren Pauli, Contributor

The second edition of the Payment Card Industry Data Security Standard was released on Thursday and contains minor changes to take virtualisation into account and increase security levels.

The Payment Card Industry Data Security Standard (PCI DSS) mandates that organisations handling payment-card data adopt a minimum security posture for the processing of credit-card transactions. Annual compliance validation is handled either internally or by external independent Qualified Security Assessors, depending on the size of the organisation.

Virtualised systems are now included in the new agreement [PDF] as part of the PCI DSS system components, specifically in requirement 2.2.1, which details how compliance functions relate to some virtual environments. The PCI Special Interest Group, composed of auditors, merchants and financial institutions, will flesh out how other environments will affect the standard.

For more on this ZDNet UK-selected story, see PCI DSS 2.0 released, makes virtual ripples on ZDNet Australia.

Editorial standards