Filter by Category

Take a Proactive Approach to New PCI DSS Standards

For some organizations, the 36 month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

PCI DSS compliant future versionsThrough the DESV, it's possible to glimpse the future of PCI DSS.  By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach eluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, Linoma Software [now HelpSystems] remains vigilant in keeping up with the latest PCI DSS standards so we can help organizations to protect their most sensitive data assets and meet compliance requirements.

Latest Posts


6 Ways to Get Internal Buy-In for Your MFT Solution

June 21, 2019

There are a lot of moving pieces that go into a product evaluation. You need to navigate through the myriad of options in today's marketplace, attend vendor demonstrations, try the software in a test…


What is a DMZ and Why Do You Need a DMZ Gateway?

June 19, 2019

If you’ve watched a science-fiction movie about space travel, then you’ve likely seen some version of a scene in which an astronaut reenters their ship from the outside abyss. Because the ship…


Eight Hacks You Can Implement to Combat "Hackable" Network Vulnerabilities

June 18, 2019

Although we’re becoming savvier to the tricks hackers have pulled in the past, they are still working to up their game and catch us where and when we least expect it. Fortunately, there are some…


How to Achieve SFTP Automation in Your Organization

June 17, 2019

Whether you regularly receive 10 or 10,000 file transfers from your SFTP partners, it can be frustrating to go in and manually retrieve, unencrypt, and process these documents. Not only is this…


How SFTP Works

June 13, 2019

How does SFTP work?When you need to secure server-to-server file transfers between yourself, your trading partners, and enterprise servers, SFTP (which stands for SSH File Transfer Protocol or Secure…