Just as you were getting comfortable with the latest version of the Payment Card Industry (PCI) Data Security Standard, version 3.1, and the differences between SSL and TLS, your IT administrator walks in and says, “Here comes version 3.2.” And if your company is involved with credit card processing, the idea of a new PCI version probably just sent a jolt to annual budget management.
The PCI Council, which maintains, evolves and promotes the PCI Security Standards, is beginning to take an incremental approach to credit card processing security. To address the endless varieties of security issues related to credit card processing, the council plans to forgo the later 2016 release in favor of the release of version 3.2, which could be published as soon as March/April 2016.
Version 3.1 addressed the SSL/TLS security vulnerabilities discovered with the POODLE attack method and retired version 3.0 in June 2015. Version 3.1 was scheduled to be required for all PCI environments by June 30, 2016, but has taken longer to implement due to a number of issues, including customer integration and cost. Version 3.2 is said to address the new sunset date for version 3.1 and provide guidance on new administrative access to card data environments, new requirements for service providers and clarity around primary account number (PAN) constraints.
For more information about Skoda Minotti’s PCI Compliance Services and how the release of version 3.2 could impact your company, contact James Griffith at 888-201-4484 or firstname.lastname@example.org.