Essential Guide

PCI 3.0 special report: Reviewing the state of payment card compliance

Learn about the critical changes in PCI DSS 3.0, the history of the PCI Data Security Standard, and what the future may hold for payment card industry compliance.

Introduction

It's been three years in the making. The third iteration of the Payment Card Industry Data Security Standard, arguably enterprise information security's most important and successful mandate, updates the rules merchants must follow to protect customer payment card data.


PCI DSS 3.0 raises the bar for vulnerability assessments, password management and provider compliance. Which changes will have the greatest effect on the PCI compliance process? Does PCI 3.0 go too far, or not far enough? How should enterprises prepare for PCI 3.0 assessments in 2015? We tackle those questions and more in this exclusive SearchSecurity special report.

1. News & Analysis

PCI Data Security Standard 3.0

PCI 3.0 is here. Read our news coverage detailing the changes and get expert analysis on what they mean for payment card compliance.

News

PCI 3.0: New requirements cover pen testing, service providers

Version 3.0 of the Payment Card Industry Data Security Standard has few surprises, but a host of new requirements and challenges for merchants.

Tip

PCI DSS version 3.0 analysis: The five most important changes

PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.

Tip

PCI QSA analysis: PCI DSS 3.0 is a step forward

A veteran Qualified Security Assessor believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes.

Tip

PCI DSS review: Assessing the PCI standard nine years later

As the industry preps for PCI DSS 3.0, compliance expert Mike Chapple reviews PCI's successes and failures. Has it made card data more secure?

News

Early look at PCI 3.0 emphasizes vulnerability assessments, passwords and payment data flow

The proposed PCI DSS 3.0 standard would emphasize in-house vulnerability assessments, add password flexibility and highlight provider compliance.

News

2013 PCI Community Meeting highlights: Point-of-sale security, PCI 3.0, and more

PCI Community Meeting attendees this week discussed POS security and EMV issues; officials say feedback will influence more changes in the final PCI DSS 3.0.

Definition

PCI DSS 3.0

PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of requirements administered by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data and sensitive authentication data wherever they are stored, processed or transmitted.

2. Podcast

PCI SSC leaders answer questions on PCI 3.0

Listen to an exclusive interview with the top executives of the PCI Security Standards Council.

Podcast

Podcast: The SSC's Russo and Leach discuss the final version of PCI 3.0

PCI SSC General Manager Bob Russo and CTO Troy Leach discuss the final version of PCI DSS 3.0, explain why certain changes were made, and foreshadow what's next for the Security Standards Council.

3. Timeline

PCI DSS: A history in pictures

SearchSecurity is pleased to present an original visual timeline detailing the history of the PCI DSS, listing dates, events and people that have been crucial in the creation and evolution of the payment card industry compliance mandate.

Feature

Visual timeline: The history of PCI DSS

The origins of the PCI Data Security Standard date to the late 1990s. Explore key events in the history of PCI DSS, from Y2K to PCI DSS 3.0.

4. Archives

Bonus content: Events in PCI DSS history

As a supplement to our "Visual timeline: The history of PCI DSS," review these historical articles detailing notable events that shaped the creation and development of the Payment Card Industry Data Security Standard.

News

Lack of guideline uniformity puts Visa merchants in quandary

Compliance with Visa's 2001 mandate may be hard because of a lack of uniformity between the guidelines of Visa's North American and International divisions.

Feature

Swiping back: Praise for PCI Data Security Standard

PCI is winning praise from security experts for providing specific requirements on encrypting data, implementing access controls and configuring firewalls.

News

New PCI Council details changes to Data Security Standard

Version 1.1 clarifies existing requirements and adds some new ones, but contrary to speculation over the past few months, it does not relax or water down security requirements for merchants and vendors.

News

TJX breach worse than originally feared

Customers who used their cards at the company's stores between January 2003 and June 2004 were discovered to be at risk.

News

PCI DSS assessors see lessons in TJX data breach

According to several PCI auditors, companies should study the TJX security breach for clear lessons on what not to do with customer data.

News

First Data CISO calls for PCI DSS changes

Phil Mellinger, who developed the precursor to the current PCI DSS rules, is calling for an overhaul to eliminate subjectivity.

News

PCI DSS: The bar should not be lowered

PCI SSC general manager Bob Russo says the baseline principle of protecting customer data will not be advanced by a loosening of PCI DSS requirements.

News

PCI Council adds new standard for payment applications

The new Payment Application Data Security Standard, or PA-DSS, is based on Visa's Payment Application Best Practices, or PABP.

News

In FTC settlement, TJX agrees to 20 years of audits

TJX agreed to implement tighter security and allow its data to be audited to settle charges that its poor security led to the massive data security breach.

News

PCI SSC launches assessor quality assurance program

The program will involve staff members dedicated to quality assurance, who will evaluate feedback from merchants on assessors.

News

Expert predicts PCI DSS problems for retailers

An expert says it could cost millions of dollars for retailers to rip and replace outdated systems and devices still using Wired Equivalent Privacy, or WEP, to secure 802.11 Wi-Fi networks. (PCI DSS 1.2 prohibited new WEP deployments after March 31, 2009, and required existing WEP to be retired by June 30, 2010; WEP's RC4 key-recovery weaknesses make it trivially breakable regardless of key length.)

News

Heartland breach highlights PCI DSS limitations

Eric Ogren says the standard is often overkill for enterprises and that the prescriptive nature of PCI inhibits innovation in such areas as virtualization and cloud computing.

News

TJX, Heartland hacker sentenced to 20 years in prison

A federal judge sentenced Albert Gonzalez to 20 years in prison for his involvement in a series of massive data security breaches at Heartland Payment Systems and other companies.

News

PCI DSS 2.0 addresses secure coding, key management

Minor changes will be the rule for the 2.0 iteration of PCI DSS, including clarifications on secure coding and key management and a change that recommends merchants use data discovery tools to find cardholder data before a PCI assessment.

News

PCI DSS risk assessment methodology unique to each company

According to a new report by the PCI SSC, organizations need to create a risk assessment methodology that works for their specific business environment.

5. Ask the Experts

Your questions answered

SearchSecurity experts Mike Chapple (enterprise compliance, standards and frameworks) and Joseph Granneman (security management) are standing by to answer your questions about PCI DSS compliance.
