PCI DSS 3.1 Highlights

April 24, 2015

The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. On February 13, 2015. the PCI SSC Council released a statement announcing impending revisions to the Payment Card Industry Data Security Standard (PCI DSS) as well as the Payment Application Data Security Standard (PA-DSS). The PCI DSS version 3.1 was published on April 15th, 2015, effective immediately. PCI DSS Version 3.0 will be retired on June 30, 2015. 

PCI DSS Version 3.1 addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. The National Institute of Standards and Technology (NIST), identified SSL as not being acceptable as it is not a strong enough encryption protocol for the protection of data. Browser attacks such as POODLE were the result of SSL weaknesses. Upgrading to a current, secure version of TLS (Transport Layer Security) is prescribed as the current answer. 

Please download Herjavec Group's latest report to review highlights of PCI DSS version 3.1 including updates versus version 3.0 and the impact of these requirements on your business. For a complete review of PCI DSS version 3.1, refer to the  SSC’s release, its accompanying Summary of Changes document and the “Migrating from SSL and Early TLS” information supplement available online at the PCI SSC’s Documents Library.

DOWNLOAD

For more information on Herjavec Group's PCI Compliance services, please contact SecurityConsulting@HerjavecGroup.com

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.


Take the First Step
In Transforming Your Cybersecurity Program

Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.

Book a Free Consultation

Stay Informed

Follow us on Twitter
Connect with us on LinkedIn