
Experts urge merchants and service providers to start transitioning to PCI DSS v3.1 now

28/04/2015

IT Governance, the global cyber security services provider and PCI QSA company, has urged organisations to start transitioning to PCI DSS v3.1 as soon as they can.
 
Version 3.1 of the Payment Card Industry Data Security Standard (PCI DSS) was published in April 2015 and is effective immediately, although a transition period of 14 months has been set for organisations to address the changes that have been introduced. These relate to the use of Secure Sockets Layer (SSL) or early Transport Layer Security (TLS), which have been deemed “no longer acceptable for protection of data”. Version 3.0 will be retired on 30 June 2015.
 
The changes affect requirements 2.2.3, 2.3 and 4.1 of PCI DSS v3.0, which reference SSL as an example of “strong cryptography”. According to PCI DSS 3.1, SSL and early TLS cannot be used as security controls to protect payment data after 30 June 2016.
 
Geraint Williams, head of technical services at IT Governance and a QSA, says, “Although organisations are given a grace period to transition, it is in their interest to start addressing the changes now as this matter affects their information security.
 
“PCI DSS v3.1 mandates the creation of a formal risk mitigation and migration plan for existing implementations that use SSL and/or early TLS. I would advise companies to seek professional help if they don’t have the internal expertise to deal with this issue effectively.”
 
PCI DSS version 3.0 had some evolving requirements that will come into effect on 1 July 2015, which makes it challenging for organisations to keep on top of all the changes introduced by the new version of the Standard.
 
Williams says, “While planning to address the PCI DSS v3.1 changes, organisations are under pressure to comply with some evolving requirements, introduced in version 3.0, by 30 June 2015. These include requirements 6.5.10, 8.5.1, 9.9, 11.3 and 12.9. Organisations should be acting now to ensure they are fully prepared to meet these requirements to pass their next assessment or audit.”
 
As an approved QSA company, IT Governance is ideally positioned to help organisations transition to PCI DSS v3.1 or comply with the Standard for the first time.
 
Visit IT Governance’s PCI Consultancy page, or call them on +44 (0)845 070 1750, or email servicecentre@itgovernance.co.uk.
 
For more products and services and further inquiries, call +44 (0)845 070 1750 or send an email to the IT Governance customer service team.