January marks the start of PCI version 3.0
Companies that rely on credit card merchant services must be compliant with a new set of Payment Card Industry Data Security Standards in 2015. Effective this month, version 3.0 will replace the previous set of standards, in an effort to enhance security and protect personal data for consumers.
PCI updates its standards every three years, as technology advances and new vulnerabilities emerge, to make the industry more resistant to breaches. Experts say that while becoming compliant with new PCI directives might cause headaches in the short term, it will benefit companies and their customers in the long run.
"It's also a response to events that have taken place since the last DSS version, like the numerous security breaches and mass credit card data thefts that hit major retailers and financial institutions that continue to make headlines," writes Jeremy Lacy, a qualified security assessor, in Forbes Magazine. "In fact, all of the companies inflicted with major breaches in recent months already had passed PCI 2.0 audits—and still got hit."
The need for updated standards is reflected in the sheer number of firms whose data was compromised in 2014. In total, version 3.0 includes 96 new standards that build on old systems' methods of processing, storing and transferring credit card data. One new requirement is for companies to test PCI traffic in cloud-based systems, platforms that have given rise to vulnerabilities. Previously, the PCI standards were vague about liability for cloud-based transfers, and about whether the onus was on the firm sending or the firm receiving data in certain cases.
Updating your card-reading technology to meet PCI compliance standards will help fortify your data against the threat of intrusion. A good way to start 2015 is with a review of current methods, so you can revise them with new requirements in mind.