PCI DSS v3.0 is finally out, but do you know what the major changes are and how they’re going to affect your organisation? Download our free PCI DSS green paper today to find out more.
One of the major differences between v2 and v3 is that the new version will help make securing cardholder data “business as usual” by introducing more flexibility in implementing the requirements and placing an increased focus on education, staff awareness and security as a shared responsibility.
The new version has been written in a much clearer and more intuitive way than the previous version. This has been achieved by combining what used to be separate documents, i.e. the standard and the guidance, into one and providing a clearer structure of requirements, testing procedures and guidance.
The changes will certainly have a sizeable impact on merchant retailers in relation to PIN Entry Devices (PEDs), as well as on the relationship between merchants and their service providers. There is also a list of changes with regard to the testing of the cardholder data environment and staff awareness.
To learn about the changes in more detail, download our free green paper on PCI DSS v3.0, which has been written by PCI DSS trainer and QSA, Geraint Williams.
Implementation of the PCI DSS v3
PCI DSS v3.0 becomes applicable from 1 January 2014, and the current v2 will be retired on 31 December 2014. This provides a 12-month overlap during which a company can certify against either standard. New elements in PCI DSS v3.0 that involve major changes will remain best practice until June 2015, after which they will become mandatory.