The Payment Card Industry Data Security Standard (PCI DSS), published by the Payment Card Industry Security Standards Council (PCI SSC), is a set of requirements businesses must follow to safeguard their customers' financial and personal data at every point of a transaction. In response to the increase in threats to payment information, version 3.2 of the PCI DSS is now in full effect.
PCI DSS is now recognized as a standard that can be updated with small revisions, rather than only when significant changes take place. Originally released in 2016, Version 3.2 was initially treated as a set of best practices to help businesses balance compliance measures with operational reality; its requirements became mandatory on February 1, 2018.
Here is a summary of some key points that companies who accept, process or receive payment information from customers must have in place to ensure PCI DSS Version 3.2 compliance standards are met.
New Requirements for Merchants and Service Providers
New Requirements for Service Providers Only
In the event of one of these failures, action must be taken in a timely manner to restore security functions, and a risk assessment must be performed to determine what further action may be needed. Documentation covering the cause of the failure, its duration and any other issues that may have occurred is also required.
Compliance reviews should be conducted on a quarterly basis and include daily log reviews, firewall rules, configuration standards of new systems, response to security alerts and change management processes. These reviews help prepare organizations for their next PCI DSS assessment by ensuring adherence to security policies and procedures, and act as a confirmation that systems are performing as intended. Documentation of the quarterly-review results must be signed off by the personnel responsible for the compliance program and maintained by the company.
When navigating the maze of new and changing requirements in standards such as PCI DSS and HIPAA, organizations can inadvertently overlook many steps in the process. Your organization needs a multi-layered security solution, along with proven strategies and expertise, to maintain compliance. Without the proper guidance and plans in place, you face millions of dollars in fines that could put your entire business at risk.
Protelligent’s Premonition Security Suite™ can help your organization keep up with mandatory changes and improve your operational efficiency. Call (855) PRO-TELL today to get started.
Note: The above information is a summary of the major changes to the requirements included in PCI DSS version 3.2, and is not a comprehensive overview of all updates. We advise organizations to always refer directly to the original publication to ensure they are in compliance with the latest requirements and security assessment procedures.