Ensuring achievement & maintenance of PCI compliance is primarily the duty of the payment card brands and the acquiring banks, along with retailers and businesses. If you’re a company that handles credit card information, you need to be aware of the new PCI security standard (3.2), its key changes, dates and potential impacts on your business.
The PCI Security Standards Council (PCI SSC) says its new PCI version 3.2 will be used by card-handling organizations to protect payment card data from theft.
The updates within the 3.2 version come as a result of feedback from more than 700 participating organisations worldwide as well as data breach report findings and changes in payment acceptance, says the council. It has added guidelines to help integrators, resellers and others implementing payment software to protect payment account data.
The council’s analysis of recent cardholder data breaches and PCI DSS compliance trends reveals that many companies view PCI DSS compliance as an annual exercise and do not have processes in place to ensure that PCI DSS security controls are continuously enforced.
It says the process of adhering to PCI DSS requirements is what is meant by being “PCI compliant”. The Report on Compliance (ROC) simply validates that the processes are in place and can evolve as an organisation changes over the course of a year.
The changes for service providers will provide greater assurance that security will remain as expected for both the provider and the customers that rely on those services.
The new version is now in effect and the council says it won’t be releasing any further updates this year. Version 3.1 will be retired after a period of about three months to allow organisations to complete PCI DSS v3.1 assessments already under way.
To find out more about the latest PCI DSS version 3.2 changes and their impact on your business, download our latest eBook “An Insight into PCI DSS 3.2” here.