In April, the PCI Security Standards Council (PCI SSC) published a new version of its data security standard (DSS), used to safeguard payment data before, during and after a purchase is made. The new version features several significant changes, including adding multi-factor authentication as a requirement for any personnel with administrative access into environments handling card data.
The version also requires a migration away from SSL/TLS encryption, and features mandates for organizations to ensure security controls are in place following a change in their cardholder data environment, among other updates.
PCI DSS 3.2 replaces 3.1, which will expire on October 31; after that date, all organizations will need to validate their compliance using v3.2 instead of 3.1. However, that deadline is extended for both SSL/TLS migration, which has until July 2018, and multi-factor authentication, which must be deployed by 1 Feb. 2018.