Payment Card Industry (PCI) Security Standards Council announced the summary of forthcoming changes as well as the timeline for the release and implementation of PCI DSS version 1.2, scheduled to take effect starting 1 October 2008.

The new set of standards aims to introduce changes and requirements all aimed to improve network security, offer upgraded cardholder data protection, ensure the use of powerful access control measures, manage vulnerabilities and conduct regular security tests. Among other things, version 1.2 of the PCI DSS ensure greater flexibility of network firewall rules for increased customisation of a company’s risk management practices, stronger wireless encryption protocols for remote authentication and transmission of cardholder data and the implementation of two-factor authentication.

These changes all have in view the creation of a solid, secure credit and debit card payment environment, particularly in view of recent concerns regarding escalating identity theft and credit card fraud. The current PCI DSS upgrade comes as a result of extensive feedback gathered from participating organizations.