The PCI Security Standards Council (PCI SSC) has recently published version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) for debit and credit card security. As a result, organizations now need to move towards comprehensive security practices built on shared responsibility, rather than treating compliance as the end goal.
The PCI-DSS 3.0 Overview
Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect cardholder data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  - Protect all systems against malware and regularly update anti-virus software or programs
  - Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need-to-know
  - Identify and authenticate access to system components
  - Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data
  - Regularly test security systems and processes
Maintain an Information Security Policy
  - Maintain a policy that addresses information security for all personnel
Applicability of PCI DSS 3.0: 1st January 2014
2.0 to 3.0 transition time limit: 31st December 2014