01 Jul, 2016

PCI DSS/ Security Compliance

PCI DSS version 3.2 – key changes, dates & impacts

Ensuring that PCI compliance is achieved and maintained is primarily the duty of the payment card brands and the acquiring banks, along with retailers and businesses. If you’re a company that handles credit card information, you need to be aware of the new PCI security standard (version 3.2), its key changes, dates and potential impacts on your business.

The PCI Security Standards Council (PCI SSC) says its new PCI version 3.2 will be used by card handling organisations to protect payment card data from theft.

The updates within the 3.2 version come as a result of feedback from more than 700 participating organisations worldwide as well as data breach report findings and changes in payment acceptance, says the council. It has added guidelines to help integrators, resellers and others implementing payment software to protect payment account data.

The council’s analysis of recent cardholder data breaches and PCI DSS compliance trends reveals that many companies view PCI DSS compliance as an annual exercise and do not have processes in place to ensure that PCI DSS security controls are continuously enforced.

It says the process of adhering to PCI DSS requirements is what it means to be “PCI compliant”. The Report on Compliance (ROC) simply validates that the processes are in place and can evolve as an organisation changes over the course of a year.

The changes for service providers will provide greater assurance that security will remain as expected for both the provider and the customers that rely on those services.

The new version is now in effect and the council says it won’t be releasing any further updates this year. Version 3.1 will be retired after a period of about three months to allow organisations to complete PCI DSS v3.1 assessments already under way.

To find out more about the latest PCI DSS version 3.2 changes and their impact on your business, download our latest eBook “An Insight into PCI DSS 3.2” here.
