My Fast Cash Instant Approval
Credit Cards
Travel Reward
Credit Cards
Prepaid
Debit Cards
Bad Credit
Credit Card
Business
Credit Card
Student
Credit Cards

June 15, 2011

  • News:  PCI Release Virtualization Guidelines 

    Payment Card Industry Data Security Standard (PCI DSS) are rules that govern the credit card payment environment and requires compliance by all individuals and businesses that are involved in the card payment process. These rules are generated and monitored by the PCI Security Standards Council which is made up of the leading credit card brands such as Visa and MasterCard. It is the goal of the Council to ensure that all credit card customer data is protected against card fraud. Tuesday, the Council released its new rules that govern virtualization; PCIDSS Virtualization Guidelines. Virtualization technology refers to the growing development and use of high tech cloud computing which would temporarily suspend the card data in some other way other than its actual form.

    Virtualization technology would involve such new credit card technology as tokenization, chip and PIN and end-to-end encryption that has become increasingly more popular. New PCIDSS rules govern the organizations that operates within the card payment processes that utilize virtualization technology. According to the new PCIDSS rules, despite the obvious benefits of virtualization, its complexity could result in an "accidental misconfiguration". The 39 page document addresses the risk to credit cardholders with the use of virtualization and isolating its vulnerabilities that place card data at risk. New rules also call for implementation of controls for access by host systems as well as seeks to define virtualization elements that are within the scope of PCI compliance.

    A special interest group (SIG) was formed to break down the virtualization process led by SIG Chair Kurt Roemer who is the Chief Security Strategist at Citrix Systems along with 30 plus expects from other organizations. The goal of SIG is to help merchants, service providers, electronic payment processors and other interested parties understand how the virtualization process has a potential for accidental misconfiguration placing credit card data at risk. It further attempts to outline rules that will have minimize these risks under the guidance of the PCI DSS. Interested parties can visit the PCI website to sign up for a webinar to learn additional details covering the new rules.

    Back to News Main Page