New Threats And PCI Rules

The Payment Card Industry Data Security Standard (PCI DSS) turned 10 years old in September 2016. A new version of the industry standard, 3.2, has been introduced, and businesses should use it to protect payment data before, during and after purchase. Businesses now need to take into account a long list of new requirements and clarifications. These will be regarded as best practices until Feb 1, 2018, after which they will be enforced.

Data security experts point to 2 main changes: multifactor authentication, and responsibility when third parties are engaged. Multifactor authentication will be required for all administrator access. In the previous version, such authentication was required only for remote access.

eCommerce merchants that outsource online payment processing to a third-party service provider still bear responsibility for PCI compliance.

Merchants looking for a reputable payment processor to open a secure and reliable merchant account should consider turning to emerchantbroker.com. EMB is voted the #1 high risk processor in the US and boasts an A+ rating with the BBB. EMB is one of Inc 500’s Fastest Growing Companies of 2016 and is rated “A” by Card Payment Options.

The PCI standard has kept evolving over the past 10 years. Today, the changes in the standard show how it responds to the threats posed by hackers, which become more sophisticated every day.

According to Michael Aminzade, vice president of global compliance and risk services at Trustwave, 10 years ago the standard focused on network security, basic web application security and removing unnecessary data storage. Today, the standard focuses on transforming account data.

Aminzade further notes that the new version concerns service providers and third parties, and how they secure and manage card data on behalf of merchants and customers. It is also about further card data encryption inside the payment track. There is a great difference between the focus of the first version of the standard and its current focus.

Companies that are involved in accepting, processing or receiving payments should adopt this new version as soon as possible. It will enable them to detect and respond to cyberattacks immediately, so that they can successfully prevent data breaches.