Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

As we gear up to attend this year’s PCI North American Community Meeting at the end of the month, the last couple of weeks offered a preview of what will be discussed and included in Version 3.0 of the standards.

According to a recent PCI webcast I attended and PCI’s change highlights document, the updated versions of PCI DSS and PA-DSS will emphasize both old and new themes.

New themes include:

  • Education and awareness – including a focus on self-detection, PA-DSS training to ensure proper design and implementation, and password security best practices to prevent a data breach
  • Increased flexibility – providing added flexibility on ways to meet the requirements to enable a more customized approach
  • Security as a shared responsibility – acknowledging the complexity of today’s payment environment and the third-party players involved
  • Scoping – including a new mandatory inventory of PCI-impacted systems
  • More clarification – providing more explanation and detail on when and how PCI DSS applies to clarify intent and increase understanding
  • Enhanced test procedures / penetration testing – putting more emphasis on the quality and consistency of assessments

And there are a couple of old themes being emphasized…

  • Making PCI DSS “business as usual” – More than a once-a-year, “check the box” event, the Council is stressing the need for continuous compliance and ongoing security processes that persist beyond auditor visits. “We are looking to create a culture of security by developing a more process-oriented version of the standards and fostering more education and awareness for IT personnel,” said Troy Leach, PCI SSC CTO, in an interview with Infosecurity magazine.
  • The human factor – One of the most surprising things revealed in data breach studies is how most could have been avoided by following basic security practices. It’s a subject we dedicated a series of blog posts to last summer.

We’ll let you know what we learn at the Community Meeting. Look for the new standards to be published on November 7, effective January 1, 2014.


Written by Celine Helderman

Celine Helderman is one of our product managers. With more than 10 years of international working experience, Celine brings a wealth of knowledge in product launch and product portfolio strategy and positioning, and was instrumental in the development of our e-commerce and managed firewall solutions.
