Earlier this year, enforcement of the latest version of Payment Card Industry Data Security Standard (PCI DSS 3.2) went into effect. The new payment security regulation, originally introduced in 2016, is aimed at better preventing, detecting and responding to cyberattacks that can lead to payment data breaches.
As a retailer, you are already aware of these regulations and have been actively complying with them for some time now. But did you know that more changes are coming?
For example, as of July 2018, use of Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) cryptographic protocols is no longer sufficient for meeting the following PCI DSS requirements:
- Implement additional security features for any required services, protocols, or daemons that are considered to be insecure (2.2.3).
- Encrypt all non-console administrative access using strong cryptography (2.3).
- Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks (4.1).
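As an added illustration of the SSL/early TLS point above (this is not configuration from TRUNO or from the PCI DSS documents), the following nginx fragment shows a server block that still offers early TLS beside one restricted to TLS 1.2 and 1.3. The server name and certificate paths are placeholders.

```nginx
# Added example: weak TLS protocol setting beside the hardened form.
# checkout.example.com and the certificate paths are placeholders.

# BEFORE: still negotiates TLS 1.0 and 1.1 ("early TLS"), which PCI DSS 3.2
# no longer accepts as strong cryptography for requirements 2.2.3, 2.3 and 4.1.
server {
    listen 443 ssl;
    server_name checkout.example.com;
    ssl_certificate     /etc/ssl/certs/placeholder.crt;
    ssl_certificate_key /etc/ssl/private/placeholder.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

# AFTER: only TLS 1.2 and 1.3 are offered, so a client limited to SSL or
# early TLS fails the handshake instead of silently downgrading.
server {
    listen 443 ssl;
    server_name checkout.example.com;
    ssl_certificate     /etc/ssl/certs/placeholder.crt;
    ssl_certificate_key /etc/ssl/private/placeholder.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
```

TLSv1.3 in `ssl_protocols` requires an nginx build linked against OpenSSL 1.1.1 or later; on older builds list only TLSv1.2. After reloading, confirm the change against your own endpoint with `openssl s_client -connect checkout.example.com:443 -tls1`: the handshake should now fail, while `-tls1_2` should succeed.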
Besides keeping up with changes that affect you as a merchant, there are also regulations to which your payment processing vendor must adhere. Per PCI DSS 3.2, service providers are required to comply with the following:
- Maintain a documented description of the cryptographic architecture (3.5.1).
- Detect and report on failures of critical security control systems (10.8).
- Perform penetration testing on segmentation controls every six months (11.3.4.1).
- Establish responsibilities for the protection of cardholder data and a PCI DSS compliance program (12.4.1).
- Perform quarterly reviews to confirm personnel are following security policies and operational procedures (12.11.1).
The payments industry is continually evolving. Over the past five years—in addition to the changes to PCI security standards mentioned above—we’ve seen the rise of EMV chip technology and new form factors, such as mobile pay. That’s a lot to keep up with when you have more important things to worry about, like taking care of your customers.
Are you looking for a secure payment processing provider that can help you maintain PCI compliance and prepare for new payment trends? TRUNO can help.