
Posts Tagged with "PCI AUDIT"

Are You Ready for the 2018 PCI DSS Deadlines?


Sometime last year you achieved total compliance with PCI DSS, the information security standard for all organizations that process credit or debit cards. That means your data is safe, the auditors will leave you alone, and you can kick back and relax, right?

Unfortunately, attackers don’t take breaks. Their methods keep evolving, so you need to keep up with the current version of the standard, not the one you were assessed against last year. PCI DSS is revised for exactly that reason: each version spells out what has changed and when the change becomes mandatory. Staying compliant also lets you avoid hefty fines.

The latest version of PCI DSS is version 3.2, published in April 2016. Hopefully you’ve already seen the new rules and are taking steps to improve your security. You should be aware that some major PCI DSS compliance deadlines are approaching in 2018.

Although PCI DSS 3.1 was retired on October 31, 2016, the new requirements in version 3.2 are treated as best practices until their 2018 effective dates, after which they are mandatory. Here are some of the most important changes:


Multi-Factor Authentication (Best Practice Now, Mandatory February 2018)

PCI DSS version 3.1 called for two-factor authentication. Don’t worry about the name change to multi-factor authentication: it only clarifies that more than two factors may be used. The substantive change is to scope. Requirement 8.3 now covers all individual non-console administrative access to the cardholder data environment (CDE) as well as all remote access into it. In practice that means an administrator opening an SSH, RDP or web-console session to a CDE system from inside the corporate network needs MFA, not just someone connecting in from outside.

So every path into the CDE, including administrative and remote access through tools such as your managed file transfer solution, must sit behind multi-factor authentication, enforced either at the network level (for example on the VPN or jump host) or at the system or application level. A second password does not qualify: the factors must be of different types (something you know, something you have, something you are) and independent of one another.


TLS 1.1 or Above (Best Practice Now, Mandatory June 2018)

SSL (every version) and its immediate successor, TLS 1.0, which the PCI Security Standards Council groups together as “SSL and early TLS”, are no longer considered strong cryptography because of well-documented protocol weaknesses. The requirement, first added in PCI DSS 3.1, originally gave organizations until June 30, 2016 to migrate to TLS 1.1 or higher (TLS 1.2 strongly recommended). The Council later extended that deadline to June 30, 2018.

If any of your transfers still negotiate SSL or TLS 1.0, you are already below current best practice, whatever the deadline says. Note that this requirement applies to TLS-based transfer protocols such as FTPS, HTTPS and AS2; SFTP runs over SSH rather than TLS, so it is not affected by this particular deadline, although it must still use strong cryptography. We recommend moving your file transfers to TLS 1.2 as soon as possible, and disabling the older versions on both the server and the client so that a downgrade cannot be negotiated.
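The following Python script is an added example, not code from the original post or from GoAnywhere. It shows the client side of the migration: a TLS policy that refuses SSL and early TLS outright, an audit helper that flags a context which would still negotiate them, and how the hardened context is handed to an FTPS client so the data channel is protected as well as the control channel. The host name `mft.example.com`, the placeholder credentials, and the use of Python's standard `ftplib` in place of your actual transfer tooling are assumptions.

```python
"""Refuse SSL and early TLS on outbound FTPS transfers.

Added example. The host name `mft.example.com`, the credentials, and the
use of ftplib as a stand-in for a real managed file transfer client are
assumptions, not details from the original post.
"""
import ssl
from ftplib import FTP_TLS
from typing import List

# PCI DSS 3.2 groups SSL (all versions) and TLS 1.0 as "SSL and early TLS".
# TLS 1.1 meets the June 2018 requirement; TLS 1.2 is the recommended floor.
REQUIRED_MINIMUM = ssl.TLSVersion.TLSv1_1
RECOMMENDED_MINIMUM = ssl.TLSVersion.TLSv1_2


def legacy_tls_context() -> ssl.SSLContext:
    """The 'before' picture: accept whatever the server offers, down to the
    oldest protocol the local OpenSSL build still supports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def pci_tls_context() -> ssl.SSLContext:
    """Hardened client context: TLS 1.2 or newer only, server certificate
    verified against the platform CA store, hostname checked."""
    ctx = ssl.create_default_context()   # loads the platform CA bundle
    ctx.minimum_version = RECOMMENDED_MINIMUM
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings an assessor would raise against `ctx`.

    Entries prefixed FAIL violate the TLS 1.1-or-above rule or skip peer
    verification; a WARN entry passes the rule but falls short of the
    recommended TLS 1.2 floor. An empty list means nothing to report.
    """
    findings = []
    if ctx.minimum_version < REQUIRED_MINIMUM:
        findings.append(
            f"FAIL: minimum_version is {ctx.minimum_version.name}; "
            "SSL/early TLS (TLS 1.0 and below) can still be negotiated"
        )
    elif ctx.minimum_version < RECOMMENDED_MINIMUM:
        findings.append("WARN: TLS 1.1 is allowed; TLS 1.2 is the recommended floor")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("FAIL: server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("FAIL: hostname is not checked against the certificate")
    return findings


def ftps_connect(host: str, ctx: ssl.SSLContext, user: str, passwd: str,
                 port: int = 21, timeout: float = 30) -> FTP_TLS:
    """Open an explicit-FTPS session under `ctx` and protect the data channel.

    If the server offers only SSL or TLS 1.0, ftp.auth() raises ssl.SSLError
    instead of silently downgrading, which is exactly the behaviour you want
    once the deadline has passed.
    """
    ftp = FTP_TLS(context=ctx, timeout=timeout)
    ftp.connect(host, port)
    ftp.auth()             # AUTH TLS: upgrade the control connection
    ftp.login(user, passwd)
    ftp.prot_p()           # PROT P: encrypt data connections too, not just commands
    return ftp


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_tls_context()), ("pci", pci_tls_context())):
        print(f"{name}: {audit_context(ctx) or ['OK']}")
    # Assumed host and credentials; uncomment to run against a real server:
    # ftps_connect("mft.example.com", pci_tls_context(), "transfer-user", "secret")
```

Run as-is, the legacy context is flagged with a FAIL while the hardened one reports OK. To confirm a server from the outside after the migration, `openssl s_client -connect mft.example.com:21 -starttls ftp -tls1` must fail to complete a handshake while the same command with `-tls1_2` succeeds; for HTTPS endpoints use port 443 and drop the `-starttls ftp` option.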


Get the Full Scoop

In order to help you fully understand the changes to PCI DSS 3.2, especially how they relate to managed file transfer, we’ve created a new whitepaper. Download it to learn:

  • Who needs to comply with PCI DSS 3.2
  • What has changed since version 3.1
  • How PCI DSS compliance affects your file transfer processes and solutions

Get the Whitepaper



Get the Guide: Achieving PCI DSS Compliance with GoAnywhere MFT


The Payment Card Industry Data Security Standard (PCI DSS) was created to increase controls over cardholder data and reduce fraud. It applies to every organization around the world that stores, processes or transmits credit or debit card information. Unfortunately, it’s not always clear to businesses which steps need to be implemented to ensure PCI DSS compliance. Using the right software solutions can take a lot of the work out of your hands.

It’s essential to factor protection for your file transfers into your security and compliance plan. If you possess customer cardholder data, an insecure transfer method leaves that data especially vulnerable to interception and theft. The most common file transfer pitfall is relying on inadequate methods such as free FTP tools, consumer file sharing apps, and email attachments. Ideally, your file transfer solution will go beyond protecting your data with encryption and secure protocols and also help you provide the evidence an auditor needs, through detailed transfer and audit logs, reports, and role-based access.

The penalties for failing a PCI DSS audit are severe and will likely negate the savings of your “inexpensive” transfer method. Of course, complying with PCI DSS is not just about avoiding fines. PCI DSS compliance should be seen as a set of core principles that will help you avoid a costly breach of your data—and having to tell your customers that you’ve allowed their credit card data to be stolen.

PCI DSS compliance is based on twelve main requirements. We’ve put together a guide that shows how GoAnywhere Managed File Transfer addresses several of them. For example, GoAnywhere protects stored cardholder data (PCI DSS Requirement 3, protect stored cardholder data) with strong encryption such as AES and OpenPGP, and its role-based accounts let you restrict access to cardholder data by business need to know (PCI DSS Requirement 7).

Instantly download the guide to see how GoAnywhere helps to make PCI DSS compliance easy.



Improving PCI DSS Compliance by Understanding Common Mistakes Organizations Make during an Audit

Linoma Software, a leader in providing enterprise-class security and managed file transfer solutions, announced today a free webinar titled, "How to Improve Your PCI DSS Compliance: Avoiding the Common Mistakes of a PCI DSS Audit", on Wednesday, May 25, at 12:00 PM Central Time.  The webinar will offer expert advice from Alan Sabatka and Bob Huerter from Continuum Security Solutions.

The event is ideal for any organization handling credit and debit card transaction data, and for anyone responsible for their organization's compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements. The webinar will specifically cover:

  • The PCI DSS audit process
  • Common misconceptions and business mistakes
  • Best practices for meeting PCI DSS requirements

The event has been recorded and is available for on-demand viewing here.


About Continuum Worldwide

Continuum Worldwide Corporation, DBA Continuum Security Solutions, is an information security company, engaged in all phases of compliance, assessments, governance, digital forensics, and incident response. With expertise developed through decades of real-world experience, our consultants take a holistic approach to clients' risk. We help clients recognize threats, evaluate potential impacts and create individually tailored programs that transform their ability to manage exposure to future detrimental activities.