The PCI Security Standards Council (PCI SSC) has published an update to its global data security standard. Version 3.2 replaces version 3.1 to address growing threats to customer payment information.
“We’ve seen an increase in attacks that circumvent a single point of failure, allowing criminals to access systems undetected and to compromise card data,” explained Troy Leach, chief technology officer, PCI SSC. “A significant change in PCI DSS 3.2 includes multi-factor authentication as a requirement for any personnel with administrative access into environments handling card data.”
Other changes include updates for service providers aggregating card data, and provisions around the sunset dates for SSL and early TLS internet security protocols.
“PCI DSS is a mature standard, so the primary changes in version 3.2 are clarifications on requirements that help organisations confirm that critical data security controls remain in place throughout the year, and that they are effectively tested as part of the ongoing security monitoring process,” said Stephen Orfei, general manager, PCI SSC. The council expects future incremental revisions to address evolving threats within the payments and technology landscape.
PCI DSS version 3.1 will expire on 31 October 2016. However, all new requirements are best practices until 1 February 2018 to allow organisations to prepare to implement these changes.
The post Global payment security standards updated appeared first on Payments Cards & Mobile.