Blog
News

PCI Compliance 3.0 Overview - Part 1

November 12, 2013
5
min read

“Cardholder data continues to be a target for criminals. Lack of education and awareness around payment security and poor implementation and maintenance of the PCI Standards leads to many of the security breaches happening today.”Data Security Standard and Payment Application Data Security Standard, Version 3.0 Change Highlights

The PCI Security Standards Council recently released the highlights for a new version of PCI Compliance.This document is an overview of anticipated changes to the current PCI Data Security Standard (PCI DSS) and Payment Application-Data Security Standard (PA-DSS).This document was released to:

  • Help stakeholders review and discuss the draft versions of the new standards
  • Prepare stakeholders to align security programs to the updated Data Security Standards
  • Leave a reasonable amount of time for merchants to review and understand PCI DSS and PA-DSS before implementation.

The document released is not the new PCI Compliance 3.0 or the actual changes that will be implemented, rather a bit of a “heads up” for everyone. It is anticipated that 3.0 will be effective on January 1st 2014, but Version 2.0 will remain active until the 31st of December 2014 and compliant vendors will have until 2015 to move to the new standard. One of the main drivers for the change was actual feedback from the industry. Many areas of challenge that contributed to this update includes:

  • lack of education/awareness on PCI
  • weak authentication practices and password protection
  • 3rd party security changes/updates
  • malware issues
  • inconsistent assessments by assessors

The core 12 security areas will remain the same, but Version 3.0 will include new requirements. These changes are designed to give companies strong security principles that can be applied more easily to their tech/payment/business. The updated versions will:

  • Be more focused on risk
  • Further clarify PCI DSS & PA-DSS requirements
  • Help build a better understanding of the intent of PCI DSS and how to apply it
  • Improve and provide more flexible ways to implement the standards
  • Help make PCI assessment more consistent
  • Direct evolving threats
  • Update with new and changing industry best practices
  • Refine reporting and scoping
  • Consolidate the PCI documentation

It is quite a relief to see an increased interest in helping merchants understand and adopt PCI compliance as it creates a major benefit to many organizations and merchants.Although the changes may seem minor, it is expected that many of these revisions could possibly have a significant impact on your organization. (See part 2 for more details on PCI 3.0.)

Want to learn more about PCI Compliance 3.0? Speak to our certified information systems auditor.

Related Articles

Decoding Gen Z's Payment Preferences
Kubera
April 25, 2024
Transforming Banking for the Mobile-First Generation
Kubera
April 18, 2024
News
Nuvei Goes Private in Landmark $6.3 Billion Deal
Kubera
April 16, 2024
Address:
450 Southwest Marine Drive, 18th Floor
Vancouver, BC
V5X 0C3
Contact:
Toll Free: 1 (855) 458-2372
Local: 1 (604) 484-9297
Email: help@kuberapayments.com
HomeBlogContact
Kubera Payments Corporation is a business consulting firm connecting our clients to many different partners and products. Among other partners:

Kubera Payments Corporation is an authorized agent of Ignite Payments, a Fiserv company

Kubera Payments Corporation is an Elavon Payments Partner & Registered MSP/ISO of the Canadian branch of U.S. Bank National Association and Elavon

Kubera Payments Corporation is an authorized agent for Worldline, VersaPay and Authorize.net
Copyright © Kubera Payments Corporation. All rights reserved.
Privacy PolicyTerms And ConditionsCookies Policy