New PCI DSS requirements will come into effect on June 30

The Payment Card Industry Data Security Standard (PCI DSS) is a requirement set down by several of the world’s leading payment card providers for any retailer who processes debit or credit card information.

However the scope of PCI DSS compliance, and the fact that individual requirements vary depending on the size of a company, can often make it confusing for businesses to understand.

And it may soon become even harder to internally evaluate PCI DSS compliance with new updates coming into effect on June 30.

Retailers will now be required to “establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities”, according to the security standards council – something which was previously only considered a best practice.

This means that businesses will not only have to be aware of and understand vulnerabilities, they must also be able to rank those vulnerabilities based on the relative risk to their systems.

The importance of having a secure system for managing payment card information has been highlighted in the media lately, with news breaking earlier this week (June 26) that the US Federal Trade Commission has filed a lawsuit against Wyndham Worldwide, accusing the hotel group of not properly securing customer information leading up to the theft of 600,000 payment card accounts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s