Although version 3.2 of the PCI Data Security Standard (PCI DSS) was released over half a year ago, its impact will stretch much further into the future. In a way, the strategic introduction of the standard is its most noteworthy element. There are a few essential changes, but the projected runway provides more than enough time for organizations to brace themselves. As Payment Card Industry Security Standards Council CTO Troy Leach stated in an interview, he believes the postponed update will give organizations the time they need to effectively implement security processes that help mitigate cyberattacks. However, this does not mean that companies are off the hook, as today’s “most advanced” security technology can become a vulnerability for tomorrow’s cyber criminals to exploit. Follow along as the Rippleshot Team looks at the key highlights of PCI DSS 3.2.
Even though PCI DSS 3.2 is available for assessments, and has been in effect since the end of April, the 3.1 assessment stayed available for organizations until October 31st. Also, all of the requirements that are new to PCI DSS 3.2 will have a generous grace period, taking effect on February 1st of 2018 instead of within a year or two. However, the timeline for upgraded encryption was more accelerated, as migration from SSL (Secure Sockets Layer) and TLS (Transport Layer Security) 1.0, both cryptographic protocols, is mandated by June 30th, 2018. Service providers will be required to provide a “secure offering” by 2016, with the exception of certain point-of-sale (POS) or point-of-interaction (POI) systems.
The key requirements included in PCI DSS 3.2 center on a reformed change-management process, multi-factor authentication, service provider regulations, and primary account number (PAN) masking, among others. Here are the most important to consider: