With several businesses recently experiencing data breaches, it's more important than ever to protect your business and cardholder data from hackers. What many small businesses don't know is that the steps toward PCI compliance have changed with the Jan 1, 2015 introduction of PCI 3.0. Here's what you need to know!
Why did the standards change?
The PCI Standards are updated based on feedback from the industry and response to current market needs.
Drivers for this change included:
- Lack of education and awareness
- Weak passwords, authentication
- Third-party security challenges
- Slow self-detection, malware
- Inconsistency in assessments
The changes in version 3.0 were designed to help organizations take a proactive approach to protecting cardholder data, one that focuses on security rather than compliance and makes PCI DSS a business-as-usual practice.
Education and awareness
Lack of education and awareness around payment security, as well as poor implementation and maintenance of the PCI Standards, led to many of the high-profile security breaches that have been in the news. Updates to the standards are geared towards helping businesses and organizations better understand the intent of the requirements and how to properly implement and maintain controls across their business.
- Best practices for implementing security into business-as-usual activities to maintain ongoing compliance
- "Navigating PCI DSS" guidance was added to make each requirement and its security goal easier to understand
- Req. 8.4 - Password education for users
- Req. 9.9 - POS security training and education
Changes in PCI DSS and PA-DSS 3.0 focus on the most frequently seen risks that lead to incidents of cardholder data compromise. These include weak passwords and authentication methods, malware, and poor self-detection. Added flexibility in the ways requirements can be met enables businesses and organizations to take a more customized approach to addressing and mitigating common risks and problem areas.
- Req. 8.2.3 - allows organizations to implement the password strength appropriate for their security strategy
- Req. 10.6 - More flexibility to prioritize log reviews based on the organization's risk management strategy
Security as a shared responsibility
Today's payment environment is complex, creating multiple points of access to cardholder data. Changes introduced with PCI DSS and PA-DSS focus on helping businesses and organizations understand their PCI DSS responsibilities when working with different business partners to ensure cardholder data security.
- Guidance on outsourcing PCI DSS responsibilities
- Req. 12.9 - PCI DSS responsibilities for service providers
In order to stay competitive in terms of security and compliance, businesses and organizations need a structured and continuous approach to solving ongoing security challenges, but it has to be easy enough to implement every day. This is what PCI 3.0 is all about.
About Novera Payment Solutions
Novera Payment Solutions takes the worry off your plate. Our payment processing systems are PCI compliant and secure. Our goal is to make payment processing easy and affordable. Our flat fee merchant account pricing saves businesses money, and our next day deposits ensure they have their money fast.