The release of Version 2.0 of the PCI (Payment Card Industry) Data Security Standard (PCI DSS) on October 28 was by no means an unanticipated event–yet industry buzz indicates that it has stirred up considerable retailer concern about many related issues. If you’re among the crowd, you can stop and take a deep breath—there’s nothing to fear.

Why not? According to the PCI Security Standards Council, which issued the standard, Version 2.0 contains “no new requirements” because “the standard is reaching maturity by growing older gracefully.” Specifically, Version 2.0 becomes effective on January 1, 2011, but validation against the old standard will be allowed until December 31, 2011. This gives merchants an entire year to absorb the new standard before validating against it. True, the old standard will “sunset” on December 31, 2011, after which merchants cannot use it for validation purposes, and all PCI validations must use Version 2.0 as of January 2012. Still, retailers are permitted to make the transition anytime in 2011.

Additionally, most of the changes found in the new standards are simply modifications to language used in the previous PCI DSS. They’re meant simply to clarify the meaning of the requirements and make it easier to understand and adopt the standards. For example, some revisions reiterate and reinforce the need to conduct thorough “scoping” exercises before PCI compliance assessments begin, in order to better understand where cardholder data resides. They also accommodate the unique environments of small merchants to simplify compliance efforts. Other specifics covered in Version 2.0, include, but aren’t limited to, a new definition of “system components” that encompasses virtual (online) components. The release of Version 2.0 begins a three-year lifecycle for PCI DSS development, with Version 3.0 of the standard slated for release in 2013.

pcAmerica can help you meet PCI compliance regulations and avoid problems in the future. For more information, visit www.pcamerica.com.