Filter by Category

Take a Proactive Approach to New PCI DSS Standards

For some organizations, the 36 month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

PCI DSS compliant future versionsThrough the DESV, it's possible to glimpse the future of PCI DSS. By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach eluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, HelpSystems [formerly Linoma Software] remains vigilant in keeping up with the latest updates to PCI DSS so we can help organizations to protect their most sensitive data assets and meet compliance requirements.

Latest Posts


The Top 5 Reasons Why Government Agencies Need MFT

January 21, 2021

GoAnywhere MFT is Crucial for Government Agencies Government agencies are facing more responsibilities than ever to keep increasingly sensitive data safe and away from prying eyes. GoAnywhere…


How to Comply with Brazil's Lei Geral de Proteção de Dados (LGPD)

January 14, 2021

What is Brazil’s LGPD?LGPD stands for Lei Geral de Proteção de Dados (General Data Protection Law), which is a law streamlining what was previously 40 separate statutes protecting personal data…


What is SSL, TLS, and HTTPS?

January 13, 2021

Meet the Trio SSL, TLS, and HTTPS are a unique trio that each work to help keep your important data secure on the Internet. If you've ever wondered how each of these protocols compares, you’ve…


Is FTPS or SFTP More Secure?

January 12, 2021

FTPS vs. SFTP – Level of Security FTPS and SFTP are two of the mainstream protocols for transferring your sensitive files, but they are not 100 percent equal when it comes to their level of…