HackDig : Dig high-quality web security articles for hacker

PCI DSS v3.1 for Ecommerce Payments

2015-04-16 15:55

Lots happening this week. The Payment Card Industry Security Standards Council (PCI SSC) has announced the release of an update to the PCI Data Security Standard (PCI DSS).

Partial view of the title sheet from the Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.1, April 2015

PCI DSS v3.1 (15 April 2015) includes several changes that reflect changing threats and recently discovered vulnerabilities, as well as some clarifications and additional guidance.

The most important changes for ecommerce channels relate to the following PCI DSS requirements:

  • 2.2.3 and 4.1 - Removed SSL as an example of a secure technology. Added note that SSL and early TLS are no longer considered to be strong cryptography and cannot be used as a security control after June 30, 2016. Additional guidance provided in Guidance column. Also impacts Requirements 2.3 and 4.1.
  • 2.3 and 4.1.1 - Removed SSL as an example of a secure technology and added a note to the requirement.
  • 3.4 - Clarified in requirement note that additional controls are required if hashed and truncated versions of the same PAN are present in an environment.
  • 6.6 - Added clarification to testing procedure and Guidance column that if an automated technical solution is configured to alert (rather than block) web-based attacks, there must also be a process to ensure timely response.

The PCI SSC has provided an on-demand webinar to assist with understanding all the changes. Version 3.1 is effective immediately and PCI DSS Version 3.0 will be retired on 30 June 2015.


Source: www.clerkendweller.uk/2015/4/16/PCI-DSS-v31-for-Ecommerce-Payments
