The PCI Security Standards Council recently issued a press release about anticipated changes to the PCI DSS (Payment Card Industry Data Security Standards) and PA-DSS (Payment Application Data Security Standard) as a preview for the changes in the third version of the standards to be released November 2013.
Version 3.0 features even more changes than version 2.0 as a result of a three-year standard development lifecycle, meaning the council has been conducting industry research since 2010 for the latest revisions. The press release names a few key drivers for the update, including:
According to Troy Leach, PCI SSC chief technology officer, “PCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, mobile acceptance or cloud computing.”
Among third-party security challenges, a lack of transparency into the PCI compliant cloud can deter merchants that try to gain visibility into cloud systems and processes, which makes security an issue. A few ways you can gain more transparency with PCI hosting providers include:
Read Four Ways to Gain Transparency with PCI Hosting Providers for a full description of each method.
Other proposed updates to the current PCI DSS standard include:
The council is holding a few webinars on Preparing for PCI DSS and PA-DSS 3.0: Standards Change Highlights, held at the end of August and beginning of September. The webinars will outline:
For more information about other ways to secure your servers, read about our Technical Security services.
Or, if you’re confused about how to meet technical security requirements of PCI DSS, read our PCI Compliant Hosting white paper. It discusses the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center both technically and contractually, and outlines the benefits and risks of data center outsourcing, and vendor selection criteria.
PCI Council Highlights Expected Changes to PCI DSS and PA-DSS (PDF)