The PCI Community Meeting for the Americas has introduced attendees to PCI DSS 2.0 (Payment Card Industry Data Security Standard). PCI DSS is the standard for protecting credit card transactions from fraud through the specification of 12 security requirements and numerous sub-requirements.

Big changes in DSS 2.0 include clarification of the intent of specific requirements, additional guidance on the scope of assessments, and the official introduction of virtualization into the standard. See the complete summary of changes at:

Many organizations have been using server, application and desktop virtualization to more easily satisfy PCI objectives, and the formal definition of virtualization into the standard is welcomed. As a member of the PCI Board of Advisors and Chair of the Virtualization SIG, I have the privilege of working closely with the individuals aligning virtualization and PCI.

While the specifics of DSS 2.0 will not be available to the general public until the end of October, organizations that have a formal relationship with the PCI Security Standards Council are diligently reviewing advanced drafts of the standard. If you’re a PCI Participating Organization, Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV), you’re welcomed to join the Virtualization SIG as we finalize initial guidance for virtualization and target an Information Supplement for release in November. If you’re not a Participating Organization – now is a great time to join!

In addition to the DSS, updates are being made to the PA-DSS (Payment Application) and PIN Transaction Security (PTS) documents, with all three standards now being on a three-year concurrent lifecycle to make it easier on those organizations that must align with all three standards.

Citrix is proud to support PCI as a Participating Organization and to offer solutions to help companies achieve PCI compliance. Resources specific to Citrix Solutions for Complying with PCI DSS can be found at:

For official information on Payment Card Industry security standards, see:

If your company stores, processes or transmits credit cards – you need to know PCI.