
Take a Proactive Approach to New PCI DSS Standards

For some organizations, the 36-month lifecycle of each new version of the Payment Card Industry Data Security Standard (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standards Council before the new standards were released? Well, there just might be a way.

In June 2015, the Council published a document called the PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that handle payment card data in large volume, serve as an aggregation point for cardholder data, or have suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

Through the DESV, it's possible to glimpse the future of PCI DSS. By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare, to some extent, for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog post, "Preparing for PCI DSS 3.2: What to Expect in 2016", published on February 17, 2016, chief technology officer Troy Leach alluded to some updates to the standard that the Council was considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, Linoma Software [now HelpSystems] remains vigilant in keeping up with the latest PCI DSS standards so we can help organizations to protect their most sensitive data assets and meet compliance requirements.
