The PCI Security Standards Council issued the new PCI DSS 2.0 standard on October 28, 2010. In addition to providing greater clarity regarding scoping and interpretation of technical security requirements and procedures, Version 2.0 outlines enhanced requirements regarding: monitoring of third parties that process, transmit and store cardholder data; performing cardholder data discovery, process flows, retention and disposal; and, logging and monitoring.

Click for Agreement and to Download PCI DSS 2.0

This document is to be used by Payment Application-Qualified Security Assessors (PA-QSAs) to conduct payment application reviews, so that software vendors can validate that a payment application complies with the PCI DSS Payment Application Data Security Standard (PA-DSS). Version 2.0 aligns with PCI DSS Version 2.0 released on October 28th, 2010.

PCI Security Standards Council has released new guidance papers on the use of point-to-point encryption and EMV technologies in a payment card data environment.  These papers are the first in a series of guidance documents the Council has committed to delivering as part of its ongoing assessment of emerging technologies.

The guidance aims to provide valuable information for organizations that are considering implementations of EMV or P2PE technology within the context of PCI DSS compliance.

[Point-to-Point Encryption Technology and PCI DSS Compliance]

[PCI DSS Applicability in an EMV Environment]