PCI DSS 3.2 coming our way. How should you plan and prepare?

Look for A PCI DSS verion 3.2 release around mid to late April, 2016. This release will not have major revisions or updates.  There will be no additional releases this November, 2016.

The PCI Council’s Chief Technology Officer Troy Leach said, “we are sensitive to the drastic changes that are happening with payment acceptance – from advancements in mobile payments to EMV chip rollout in the United States, to adoption of other forms of dynamic data and authentication. By releasing the standard early, with long sunrise dates, organizations can evaluate the business case for their security investments. This also allows us more time to dedicate to security priorities for those specific payment channels in the future.”

Version 3.2 will,

• evaluate additional multi-factor authentication for administrators with a cardholder data environment
• incorporate some of the designated validation criteria for service providers
• clarify masking criteria for Primary Account Numbers (PAN)
• clarify dates for SSL to TLS

PA-DSS will also have updates to align with PCI DSS.  Additional guidance and updates will be created to help with the implementation of the updates.

Leach also reiterated that companies should regularly evaluate ‘how it accepts payments and whether it can reduce the risk to its customers and its organization by changing business practices for cardholder data exposure; evaluate newer payment technology like tokenization and encryption; and confirm its third party service providers understand the importance of the upcoming changes as well.’

Call on Omega, the data security and compliance experts to get more clarification and help on v3.2 updates. Contact us with your questions. Phone 636-557-7777 or email Security@OmegaSecure.com.