PCI DSS 3.1 Highlights
The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. On February 13, 2015, the PCI SSC released a statement announcing impending revisions to the PCI DSS as well as to the Payment Application Data Security Standard (PA-DSS). PCI DSS version 3.1 was published on April 15, 2015, effective immediately. PCI DSS version 3.0 will be retired on June 30, 2015.
PCI DSS version 3.1 addresses vulnerabilities in the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. The National Institute of Standards and Technology (NIST) has identified SSL as unacceptable because it is not a strong enough encryption protocol to protect data. Browser attacks such as POODLE resulted from SSL weaknesses. Upgrading to a current, secure version of Transport Layer Security (TLS) is the prescribed remedy.
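As an added example (not code from the page, the PCI SSC or Herjavec Group), a small Python audit of nginx `ssl_protocols` and Apache `SSLProtocol` lines that flags the SSL and early TLS (1.0) versions the standard calls out. The directive semantics follow the nginx and httpd 2.4 documentation, including httpd's `all`, `+` and `-` keyword handling; the sample configuration lines are constructed.

```python
"""Audit nginx `ssl_protocols` and Apache httpd 2.4 `SSLProtocol` lines for the
SSL and early-TLS versions that PCI DSS 3.1 no longer accepts as strong
cryptography. Hypothetical helper, not code from PCI SSC or Herjavec Group."""
import re

KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first
CANON = {v.lower(): v for v in KNOWN}  # mod_ssl matches keywords case-insensitively
NOT_STRONG = {"SSLv2", "SSLv3", "TLSv1"}  # every SSL version plus early TLS (1.0)
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # httpd 2.4's documented `all`
DIRECTIVE = re.compile(r"\s*(ssl_protocols|SSLProtocol)\s+(.*?)\s*;?\s*$")

def enabled_protocols(line):
    """Versions enabled by the directive on `line`, or None if it is not one."""
    m = DIRECTIVE.match(line)
    if not m:
        return None
    directive, tokens = m.group(1), m.group(2).split()
    if directive == "ssl_protocols":  # nginx: a plain list, no +/- syntax
        return {CANON[t.lower()] for t in tokens if t.lower() in CANON}
    enabled = set()
    for token in tokens:  # Apache: set / add (+) / remove (-) keywords
        op, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        key = name.lower()
        versions = set(APACHE_ALL) if key == "all" else {CANON[key]} if key in CANON else set()
        if op == "-":
            enabled -= versions
        elif op == "+":
            enabled |= versions
        else:
            # A bare keyword REPLACES the set built so far (mod_ssl logs "overrides
            # already set parameter(s)"), so `TLSv1.1 TLSv1.2` enables only TLSv1.2.
            enabled = versions
    return enabled

def audit(config_text):
    """Map each protocol directive (stripped) to its not-strong versions, oldest first."""
    findings = {}
    for line in config_text.splitlines():
        enabled = enabled_protocols(line)
        if enabled is not None:
            findings[line.strip()] = sorted(enabled & NOT_STRONG, key=KNOWN.index)
    return findings

SAMPLE = """\
# constructed sample fragments: each weak directive followed by a corrected form
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol TLSv1.2
"""
```

Running `audit(SAMPLE)` reports `SSLv3` and `TLSv1` for the first nginx line and `TLSv1` for the Apache `all -SSLv2 -SSLv3` line, and nothing for the two corrected lines.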
Please download Herjavec Group’s latest report to review the highlights of PCI DSS version 3.1, including the changes from version 3.0 and the impact of these requirements on your business. For a complete review of PCI DSS version 3.1, refer to the SSC’s release, its accompanying Summary of Changes document and the “Migrating from SSL and Early TLS” information supplement, all available online in the PCI SSC’s Documents Library.
For more information on Herjavec Group’s PCI Compliance services, please contact SecurityConsulting@HerjavecGroup.com