
PCI Council Publishes Preview of New Security Standards

The new version of the PCI security standards will address topics like everyday maintenance, security with third-party partners and the emergence of mobile payments.

The PCI Council will be releasing version 3.0 of its Data Security Standard and Payment Application Data Security Standard in November to take effect at the beginning of 2014. The council released a preview of the expected changes for the new version of the standards yesterday for PCI members.

The new version will address several areas of growing concern, says Bob Russo, the council’s general manager. “The biggest area to address with version 3.0 is to make PCI compliance more business-as-usual, so merchants don’t have to think about it,” he notes.

Many merchants approach the PCI security standards as a compliance issue and with a mentality of “I check the box and I’m done with it; I don’t have to worry about it anymore,” Russo observes.

Merchants and payments players need to approach PCI as a security issue rather than a compliance issue, and be constantly diligent about being up to date with the standards, he remarks.

This is particularly important as most of the security breaches that the council has observed are exploiting simple vulnerabilities that the standards already address, Russo says. “90% of the breaches are simple exploits -- someone didn’t change their default password or is using insecure remote access. The standard is already a good framework for dealing with all of these things,” he explains.

The new version of the standard will also take into account new and emerging technologies and threats, says Troy Leach, the council’s chief technology officer. For instance, as mobile payment acceptance is expected to increase over the next few years, the new version of the standard will emphasize awareness of how cardholder data has to be exposed during a transaction, and how to mitigate that risk, Leach explains.

With more businesses outsourcing IT needs to third-party vendors, the standards will also underline the importance of understanding shared security responsibilities with those partners, Leach adds.

The preview of the new version of the standards is not final. Over the fall the council will discuss the proposed changes with its members during committee meetings, and will likely make some tweaks to the new version before it is made official in November, Bob Russo says.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

Comments
Jonathan_Camhi,
User Rank: Author
8/19/2013 | 4:16:01 PM
re: PCI Council Publishes Preview of New Security Standards
Couldn't agree more. Merchants aren't security experts. Giving them simple guidelines that they can follow on a regular basis without too much effort or worry is definitely the best approach.
Byurcan,
User Rank: Author
8/16/2013 | 6:34:10 PM
re: PCI Council Publishes Preview of New Security Standards
Merchants obviously have a lot on their plate to deal with on a daily basis, so making the standards easy enough to adhere to "so they don't have to think about it," as Russo says, is a good step.