Like a blockbuster movie, but with less entertainment value, PCI 3.0 standards are a ‘must’ for every business to see, understand and implement
Hoboken, New Jersey and New York City, New York (PRWEB) November 25, 2013
A new article from eMazzanti Technologies is now available that reviews the upcoming Payment Card Industry Data Security Standards (PCI DSS) version 3.0 in order to prepare organizations for its introduction from November 2013, though until July 1, 2015 the standards will be best-practices-only, according to the PCI Security Standards Council. Every business that offers credit or debit card transactions will fall under the new rules. The article spells out the changes that business entities will want to be informed about.
“Like a blockbuster movie, but with less entertainment value, PCI 3.0 standards are a ‘must’ for every business to see, understand and implement,” noted Jennifer Mazzanti, president, eMazzanti Technologies. “eMazzanti specializes in supporting the IT associated with a variety of retail segments and understands the impact on businesses.”
Feedback Drives PCI 3.0 Content
Based on feedback from the industry, in 2010 the Council moved from a two-year to a three-year standards development lifecycle. The additional year provides a longer period to gather feedback and more time for organizations to implement changes before a new version is released. Version 3.0 will introduce more changes than Version 2.0. The core 12 security areas remain the same, but the updates will include several new sub-requirements that did not exist previously.
Recognizing that additional time may be necessary to implement some of these sub-requirements, the Council will introduce future implementation dates accordingly. This means until 1 July 2015 some of these sub-requirements will be best practices only, to allow organizations more flexibility in planning for and adapting to these changes. Additionally, while entities are encouraged to begin implementation of the new version of the Standards as soon as possible, to ensure adequate time for the transition, Version 2.0 will remain active until 31 December 2014.
Changes Reflect Growing Criminal Activity in the Industry
Why all the changes? It’s because threats to data are continuous. New vulnerabilities follow the payment ecosystem as it geometrically expands to include mobile, cloud and data analytics. Cardholder data continues to be a target for criminals. Lack of education and awareness around payment security and poor implementation and maintenance of the PCI Standards lead to many of the security breaches happening today. The updates address these challenges by building in additional guidance and clarification on the intent of the requirements and ways to meet them. Additionally, the changes in PCI DSS and PA-DSS 3.0 focus on some of the most frequently seen threats and risks that precipitate incidents of cardholder-data compromise.
The updated standards will help organizations not by making the requirements more prescriptive, but by adding more flexibility and guidance for integrating card security into their business-as-usual activities. At the same time, the changes will provide increased stringency for validating that these controls have been implemented properly, with more rigorous and specific testing procedures that clarify the level of validation the assessor is expected to perform. Overall, the changes are designed to give organizations a strong but flexible security architecture with principles that can be applied to their unique technology, payment, and business environments.
The updated versions of PCI DSS:
- Provide stronger focus on some of the greater risk areas in the threat environment
- Provide increased clarity on PCI DSS & PA-DSS requirements
- Build greater understanding on the intent of the requirements and how to apply them
- Improve flexibility for all entities implementing, assessing, and building to the Standards
- Drive more consistency among assessors
- Help manage evolving risks / threats
- Align with changes in industry best practices
- Clarify scoping and reporting
- Eliminate redundant sub-requirements and consolidate documentation
Help Is at Hand
IT experts, like eMazzanti Technologies, offer cost-effective PCI compliance services, including helping SMBs complete their self-assessment questionnaire or assess PCI readiness.
Consultants like eMazzanti are also certified by the PCI as Qualified Security Assessor (QSA) companies, which have QSA employees who have been certified by the PCI Council to validate an entity's adherence to the PCI DSS.
Other similar articles that others have found helpful:
- How to Select Outsourced IT: "25 Criteria: How to Select Outsourced IT"
- 24 Disaster tips: "25 Disaster Recovery Tips"
- Mobile Security Threats: "Mobile Device Threats"
- Printer Security Threats: "Printer Security Threats"
About eMazzanti Technologies
eMazzanti Technologies’ team of trained, certified experts provides 24x7 outsourced IT support to help ensure business productivity and address the challenges of growth, cloud computing, mobility, critical business continuity and disaster recovery demands. The consultancy has special expertise in manufacturing, distribution, retail and PCI compliance, financial, architectural, engineering, construction, government, educational, legal services, accounting, marketing communications, and healthcare market segments, while maintaining high customer satisfaction levels. Flexible support plans range from fixed-fee, around-the-clock network management, where eMazzanti functions as an extension of a business’s IT staff, to a custom solution provided on an as-needed basis. eMazzanti serves the Hoboken, NJ and NYC area markets as well as regional, national and international business support requirements. The IT firm is Microsoft's 2012 Partner of the Year and ongoing Gold Partner, Microsoft Northeast Region Partner of the Year, a four-time recipient of WatchGuard's Partner of the Year and has made the Inc. 5000 list for the fourth year in a row. Download the free article: How to Select an IT Provider. More than 400 companies trust their IT support needs to eMazzanti Technologies. For more information, contact: Carl Mazzanti 201-360-4400 or emazzanti.net. Twitter: @emazzanti, Facebook: Facebook.com/emazzantitechnologies.