Payment Card Newsflash #016
Dear Credit Card Merchants:
Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS).
Version 3.0 becomes effective on January 1st, 2014.
This new version introduces more changes than Version 2.0. The core 12 security areas remain the same, but the updates include several new sub-requirements that did not exist previously. Recognizing that additional time may be necessary to implement some of these sub-requirements, the Council will introduce future implementation dates accordingly. This means that until 1 July 2015, some of these sub-requirements will be best practices only, to allow organizations more flexibility in planning for and adapting to these changes. Additionally, while entities are encouraged to begin implementing the new version of the Standards as soon as possible, Version 2.0 will remain active until 31 December 2014 to ensure adequate time for the transition.
Supporting documentation including updated Self-Assessment Questionnaires (SAQ), Attestations of Compliance (AOC) and Reporting Templates will be available in early 2014 once version 3.0 is effective.
Click here for a helpful infographic.