DARKReading has the highlights of the changes of v3.0 compared with v2.0
SearchSecurity also has a synopsis – with the 5 most important changes:
1. Pentesting (Penetration testing)
2. inventory system components
3. Vendor relationships
4. Antimalware
5. Physical access
All of the changes make sense in light of the Target breach which we will review in more detail on a separate post. the most important is the Pentesting and segmentation of networks from your vendors. It is likely that one of the vendors at Target caused the breach, or at least helped the exfiltration of the Credit card data.
Here is a snapshot from the actual v3.0 PCI DSS doc
