From: David M. Zendzian (dmz@dmzs.com)
Date: Fri May 04 2007 - 08:47:17 EDT

Everyone is required to be compliant with the existing standard. There
is no "law" but there are fines that can come if you are still storing
track data, CVV2(CVC2/...), not encrypting PAN, etc. EU also has
chip&pin which has a few other requirements other than the standard PCI
requirements.

But basically, _everyone_ is required to be compliant. I don't know the
exact date for requiring non-storage of track data in the UK but if you
are a level 1 service provider or merchant & haven't had your on-site
assessment I would really get on it so you don't get caught with
unexpected fines.

First & foremost, check with your acquiring bank.

Good luck
David

Lee Lawson wrote:
> Hi all,
>
> Does anyone know when the Payment Card Industry Data Security Standard
> (PCI DSS) becomes compulsory in the United Kingdom? I have read that
> it was made compulsory in June 2005, but I think that date refers to
> the USA.
>
> Is it also becoming law?
>
> I have tried to find the answer at pcistandards council website but
> to no avail?
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT