Are you ready for the changes to PCI from version 2 to version 3. The PCI Security Standards Council has just released the final version of the standard and there are quite a few changes you should be aware of so we’ve taken the liberty of posting the changes here. A complete summary of PCI DSS Changes From 2.0 to 3.0 can be found here in PDF format.
The overall updates include specific recommendations for making PCI DSS part of everyday business processes and best practices for maintaining ongoing PCI DSS compliance which is something we’ve been recommending to our clients for quite some time so that’s a refreshing change. For example, Version 3.0 requires that vendors use unique credentials for every merchant environment that they access. Imagine a scenario where a hacker gains access to the vendors account. Before this change, not only would they have access to a single environment but they may very well gain access to all that vendors clients accounts as well.
In short, if you’re handling payment processing or servicing clients that do, you need to get up to speed in the new changes as quickly as possible. The changes go into effect January 1, 2014 so if you need help please contact us as soon as possible so you can meet the deadline.