Five Tips to Prepare Your Business for PCI DSS 3.0


Understand What Requirements Have Evolved

Map your current environment to the new PCI DSS 3.0 requirements. The changes between the PCI DSS 2.0 and 3.0 requirements can be daunting if your organization is not prepared to implement the changes by the deadline. Build a plan to identify any new changes in your current environment that may require time and planning to implement by the January 1, 2015 deadline. For example, additional requirements and clarifications in the new standard significantly expand the scope of systems requiring security assessment and controls, including coverage of network devices like routers and firewalls.

According to an eWeek article on PCI DSS 3.0:

One of the new best practices that will not be required until 2015, Troy Leach, CTO of PCI SSC, told eWEEK, is a need for agreements between merchants and third-party service providers about the responsibilities of protecting cardholder data. Another area that will be an initial best practice is requirement 9.9, which stipulates further requirements around the inspection of physical security and protection for payment terminals.

In today's global marketplace, credit card breaches are widespread, affecting everyone from small and medium-sized businesses to Fortune 100 corporations. As we've seen with recent retail breaches at Home Depot, Kmart, Target, Michaels and others, cardholder data (CHD) has become a more prevalent target, and there's an increasing need to implement stronger security measures to protect consumers and their data. Businesses that manage CHD are required to comply with the Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0).

The PCI DSS 3.0 standard took effect January 1, 2014; however, organizations that were compliant with the requirements in PCI DSS 2.0 have an extended deadline and must comply with the new standard by January 1, 2015. The updated standards provide baseline security measures to align organizations more closely with industry best practices, and drive them to build the practices into their daily operations. PCI DSS is no longer a once-a-year auditing activity. It's now a continuous day-to-day practice. In this slideshow, cloud security vendor Qualys provides five tips to prepare your business for PCI 3.0.

