A revised version of an important security standard for ecommerce merchants was published on Wednesday. Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS) mostly tweaks and clarifies the existing framework for the secure processing of credit card data. The 12 existing requirements - covering areas such as the need to use a firewall, store cardholder data securely and encrypt transmission of cardholder data - remain unchanged.
The revised standard, however, adds tighter controls for the security of wireless networks. The latest version of the standard calls for wireless networks "connected to cardholder data environments" to be tested alongside those that transmit card data. Also, use of the aging WEP wireless encryption will not be allowed in certified environments from the start of July 2010, and will be banned in new environments from April 2009.