Updates to PCI compliance and PCI data security standards

UniPay Gateway
Aug 10, 2021

Credit card fraud soared again because of the explosion in electronic transactions. Identity theft and other types of fraud take place on a regular basis for both businesses and individuals. Therefore, credit card companies need to comply with security standards that address this issue.

At the moment, the PCI standards council is updating PCI DSS to Version 4.0. A new round of public revisions is now underway for the new draft document. It is an iterative process. This means that we will need many more months for PCI DSS v3.2.1 to be replaced with the new version.

Overview of updated PCI compliance standards

The new PCI requirements have a few strategic goals:

  • Protect credit card information in the face of new challenges.
  • Provide more flexibility in PCI DSS compliance. Businesses use a variety of data security technologies and strategies. As long as all of them can pass a PCI audit and certification, they will be acceptable.
  • Ensure data security requirements are enforced permanently and continuously.

Guidelines for general security

An updated security strategy was published recently by the PCI standards council. As a result, we recommend the following.

  • Reducing cardholder data exposure;
  • Strengthening passwords;
  • Software patching and regular updates;
  • Encryption methods that are more robust;
  • Paying attention to whom you partner with.

The updated PCI DSS fully follows the PCI compliance recommendations.

Specifically, which users are going to be affected by the new standard?

Merchants can be classified as PCI compliant at one of four levels, depending on their volume of transactions. The update of PCI requirements concerns both large businesses (PCI DSS level 1 merchants) and small ones. A number of questions are being updated, including the SAQs that level 4 merchants are asked to complete in their PCI audits. Thus, the changes in the PCI DSS will likely affect all merchant services companies.

Conclusion

The PCI standards council requires that any company that touches sensitive credit card data adhere to its requirements. Currently, PCI DSS version 3.2.1 is available, and v4.0 is soon to come. A PCI auditor can help you understand how PCI compliance relates to your situation. UniPay Gateway’s payment experts are also available to assist.

UniPay Gateway

Enterprise-scale, open-source, #PaymentProcessing solutions for #Merchants, #PayFacs and PSPs. For more information, visit UnitedThinkers.com