Q: What are the most important changes in Version 1.2 of the DSS?
• Removed requirement to disable broadcast wireless SSID.
• For new wireless implementations after March 31, 2009, WEP is prohibited.
• For existing wireless implementations, WEP is prohibited after June 30, 2010.
• Included Unix-based systems in anti-virus requirement.
• Under 11.3, clarified rule that both internal and external testing is required.

Q: Does PCI compliance apply to non-profit organizations?
A: Yes, neither the PCI SSC nor the acquiring banks are likely to give you a free pass just because your stated goal is to be a non-profit organization. The liability and risks still exist and need to be addressed. In fact, because you are a non-profit organization the effects of a data breach could be even more damaging to your business due to the fines and other possible penalties.

Q: What is MOTO?
A: MOTO = Mail Order/Telephone Order. This refers to vendors who either take credit card data over the phone or by mail.

Q: What’s the difference between PED and EPP?
A: PED