PCI-DSS 3.0 Security Compliance Gets Stronger

Experts say a new version of the PCI Data Security Standard may significantly impact how e-commerce is secured. PCI-DSS is a critical compliance component for conducting business, and the upcoming 3.0 version will bring with it major policy and procedural changes. “We want to try to get people out of the habit of thinking of PCI-DSS as a once a year event and then not thinking about it, because that’s where we see the breaches happen,” says PCI Security Standards Council general manager Bob Russo. He notes that PCI-DSS 3.0 will focus on education and policy to ensure payment security is constantly maintained as a discipline. “The question that the new standard will help merchants to answer is, ‘Do we have the culture to protect our customers’ cardholder data every day and every hour that we’re doing business?’” says PCI SSC’s Troy Leach. In addition, PCI-DSS testing will help ensure the process is secure instead of merely seeing if a company has a specific security technology in place. However, the new standard will not require greater audit frequency than the existing PCI-DSS 2.0 standard. PCI-DSS 3.0 takes effect in January, but existing PCI-DSS 2.0-compliant vendors will have a one-year grace period to migrate to the new standard.

From “PCI-DSS 3.0 Security Compliance Gets Stronger”
eWeek (08/15/13) Kerner, Sean Michael