SOURCE: Ipswitch


October 19, 2010 09:00 ET

PCI DSS 2.0 Makes for Smarter Data Transfer Security

Changes to Data Transfer Regime Within New Version of Standard Become Clear

LEXINGTON, MA--(Marketwire - October 19, 2010) - Ipswitch, Inc., an innovator of secure, managed file transfer solutions, today identified five key changes to the Payment Card Industry Data Security Standard (PCI DSS) that will substantially affect businesses transferring sensitive credit card data. The final draft of the standard will be released on October 28. However, the substance of many changes is now clear, whilst working groups on emerging technologies continue to report on forthcoming inclusions in the standard.

"The impending changes reflect developments in technology, the cost pressures on businesses and the development of smart, accepted practices," explained Jonathan Lampe, VP of Product Management at Ipswitch and representative on the PCI Community Council. "Around fifty of our customers, from all over the world, are represented on the council. The emphasis has been on identifying what's secure and what works best."

Key changes forthcoming in PCI DSS 2.0 that will impact on the transfer of sensitive data include:

  • Explicit recognition of SFTP as a secure protocol.
  • Audit of virtual machine infrastructure and virtualisation hypervisors will be brought within the scope of PCI DSS.
  • Rotation requirements for the purposes of key management will be "based on industry best practices and guidelines" rather than an annual stipulation.
  • Identity and authentication requirements for users, "non-consumers" and administrators will be split further.
  • More specific requirements will be implemented around the auditability and security of timekeeping, especially as recorded in audit logs. (Coordinated and reliable timestamps are helpful during civil and criminal investigations as well as internal forensics investigations.)

In addition, Lampe identifies the expected incorporation of tokenization technologies into official PCI guidance as a key security and cost-saving development.

"Tokenization -- the use of data tokens in place of sensitive data such as PAN -- is essentially a cost saving measure," Lampe continued. "Early adopters are shrinking the costs of PCI compliance by handing responsibility for their most sensitive information to a trusted custodian, saving them the expense of treating every interaction as top secret. Tokenization is already accepted by Visa and is the focus of a current PCI Council committee; the next logical step is for it to be incorporated into official PCI guidance."

About Ipswitch File Transfer
Ipswitch File Transfer is a global technology provider that builds solutions to securely move your valuable data. We enable companies and people to better manage their data interactions when visibility, management and enforcement matter. Our managed file transfer solutions deliver the control necessary to enable governance and compliance for millions of global users -- including the majority of Fortune 1000 enterprises and government agencies. These organizations trust Ipswitch File Transfer solutions to secure, manage, automate and streamline their critical and highly sensitive file transfers and data workflows. Learn more at or contact us at, LinkedIn or Twitter.
