June 27, 2018//Ellen NeveuxLast Updated: April 12, 2021
An updated version of the Payment Card Industry Data Security Standard (PCI DSS) must be adopted by any enterprise that interacts with payment cards by June 30, 2018. PCI DSS is a standard for enterprises that gather, store, and use customers' payment card data when a product or service is purchased. Meeting the compliance requirements set under PCI DSS helps safeguard customer data and reduces the risk of payment card data and other information being lost to cybercriminals. The PCI DSS framework covers security management, policies and procedures, network architecture, software design, and more.
What PCI DSS does
The importance of PCI DSS cannot be stressed enough. For example, an identity protection company found that in 2017 alone, 14.2 million credit card numbers were exposed, an 88% increase over 2016, and that number is expected to keep climbing in 2018. That's where PCI DSS can help. The goal of adhering to PCI DSS is to hold merchants to defined standards when collecting, processing, and transmitting consumer card data. Since its inception in December 2004, PCI DSS has become the standard for merchants that handle payment card information.
PCI DSS has received several revisions during its 14-year life to reflect emerging technologies and updated risks and threats, and it has also been edited to add clarity and flexibility. The version in force for the June 30, 2018 deadline is PCI DSS 3.2, which includes important changes that further protect consumers' sensitive information. To ensure PCI DSS 3.2 compliance, organizations must meet a number of different requirements. Some of the objectives mandated in the newest version are:
What’s being updated?
PCI DSS 3.2 was originally published in April 2016. Its new requirements were treated as best practices until February 1, 2018, when they became mandatory; the final milestone, June 30, 2018, is the deadline by which organizations must have completed the migration away from SSL and early TLS to a secure version of TLS. Enterprise organizations are expected to be ready for these changes, since they have had over two years to get things in line. Failure to meet the compliance requirements set by PCI DSS can result in the inability to accept credit cards and in large fines. On top of that, it may also damage an organization's reputation with consumers. Non-compliance can easily be the downfall of a brand.
According to the PCI Security Standards Council, there are a couple of important changes that must be made by organizations for PCI DSS 3.2:
After a cyberattack, enterprises frequently discover that they were not fully compliant with the industry standards that might have protected them. Enterprises must instead be proactive: achieve compliance before an incident and keep up with the updates that follow. One of the biggest benefits of being compliant with PCI DSS 3.2 is protecting an enterprise and its clients from events such as cyberattacks before they happen.
On the other hand, some organizations may already be up to date on all PCI DSS 3.2 requirements, but it is always important to double-check that the standards are actually being met. The PCI Security Standards Council says the goal of this update is to establish "security processes that help prevent, detect, and respond to attacks that can lead to data loss." Implementing PCI DSS might be the difference between a cyberattack and a regular day at work.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform that allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold-standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.