The PCI Security Standards Council has recently published a summary of upcoming updates to the PCI Data Security Standard (PCI DSS). The new version of the PCI DSS will be released in November of 2013. The goal of the updates is to make it easier for companies to integrate PCI DSS into their day to day operations. The Council hopes that making the standards more flexible and educating companies will improve payment security protocol.
By releasing this 7 page document prior to the standards being put in place, the Council hopes that companies will start learning the new policies and practices early. Companies will now have the ability to prepare and get a clear understanding of PCI security prior to the changes taking effect.
The Council gets ideas on proposed changes from constituents globally and by assessing the needs of the market. When developing the changes for PCI DSS 3.0 in particular, some areas of concern for the Council were:
- A lack of education and awareness of PCI DSS
- Usage of non-secure passwords
- Issues with 3rd party programs/companies
- Inconsistent assessments
- Failure to detect and respond to malware and other security threats
Rob Russo, the general manager of PCI SSC, said “The challenge for us now is providing the right balance of flexibility, rigor and consistency within the standards to help organizations make payment security business-as-usual. And that’s the focus of the changes we’re making with version 3.0.”
Some of the notable changes in version 3.0 are:
- Security policy and operational procedures built into each requirement
- Stricter requirements for POS security
- Considerations for cardholder data in memory
- Clarification of the level of validation expected for each requirement
- Educating companies on how to set secure passwords
For a full list of the proposed changes, you can view this document. The proposed changes are still under review and the final changes won’t be made until after the PCI Community Meetings. The final version will be published on November 7th 2013 and will take effect on January 1st 2014. Version 2.0 will remain the standard through the end of 2013.
3G Direct Pay is fully compliant with the highest level of security dictated by PCI DSS. We place customer security and the prevention of online fraud at the top of our priorities.
Eran Feinstein is the founder of 3G Direct Pay Limited. 3G provides global e-commerce and online payments solutions for the travel and related industries He is a leading authority in the fields of e-commerce, travel and payments, having acquired extensive experience from various parts of the world.