Several people have asked me about the change history of the Payment Card Industry Data Security Standard (PCI DSS). In a nutshell, the changes have been minor.
The exception in the latest version (DSS 1.2) is Requirement 6, which introduced significant changes to web application security.
Requirement 10.7 provides a good example of the subtle changes found in most other areas:
| DSS 1.0 | DSS 1.1 | DSS 1.2 |
|---|---|---|
| An audit history usually covers a period of at least one year, with a minimum of 3 months available online. | Retain audit trail history for at least one year, with a minimum of three months online availability. | Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). |