Not only have I been lax in providing updates to the hundreds of visitors I receive, it seems that the industry itself has decided to launch a volley of information. To make these recent news releases more interesting, there have also been some contradictory articles posted to add a bit of humor and enjoyment to our morning RSS feeds. Enough of the chit-chat. I will break down the latest and greatest updates in the next few posts, and try to link as accurately as possible to avoid reworking or restating what others have so thoughtfully put together.
Firstly, as I stated several weeks ago, a new set of levels would be released for Merchants, and it has been. Please see http://www.visa.com/cisp for the new merchant levels. They are, as we described before, a clearer set of guidelines that eliminates the difference between digital and in-person transactions. Newsire and GreenPage both have articles describing the level changes. It is stated that this will only affect around 2,000 total merchants (some going up and others going down). This will require more quarterly remote certifications for merchants.
The important takeaway for Merchants, Service Providers, and just about anybody else that touches cardholder data is that adopting and embracing these security standards is a good and sensible plan that supports corporate governance objectives. All executives should realize that adoption of PCI DSS provides them with the necessary comfort on their financial reports (SOX), and their external and internal auditors should be requiring immediate, if not progressive, adoption to safeguard the critical infrastructure.