Filter by Category

Take a Proactive Approach to New PCI DSS Standards

For some organizations, the 36 month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

PCI DSS compliant future versionsThrough the DESV, it's possible to glimpse the future of PCI DSS. By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach eluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, HelpSystems [formerly Linoma Software] remains vigilant in keeping up with the latest updates to PCI DSS so we can help organizations to protect their most sensitive data assets and meet compliance requirements.

Latest Posts


19 Ways to Transfer Big Files

October 20, 2020

You have choices when it comes to sending large files. You can choose to take your chances with free file transfer solutions, but they can be risky. Using a managed file transfer (MFT) solution is a…


IT Professionals Share Why They Need an MFT Solution

October 13, 2020

Take it from Them As a company that takes immense pride in customer satisfaction, GoAnywhere Managed File Transfer (MFT) always enjoys hearing how and why our real-life customers are using our…


9 Mistakes You Might Make When Sending Big Files

October 8, 2020

Sending that small file, or even a few small files, is a no-brainer at most organizations. But what about those massive, unwieldly and oh-so-sensitive files that inevitably get “stuck” or noted…


What is File Encryption Software?

October 6, 2020

File encryption software is a tool – either free or paid – that encodes your information so that it remains secure in motion, at rest, or both. Securing sensitive data is essential for any…