
Verizon Takes on PCI 3.0 Penetration Testing Requirements


Written By
Mike Vizard
Nov 25, 2013

While the Payment Card Industry (PCI) specification has always been a sore spot for many IT organizations, the latest iteration of the PCI specification is about to become a significantly more expensive endeavor for most organizations to comply with.

Rather than simply having a third party certify PCI 3.0 compliance, IT organizations, by the latter part of 2014, are going to have to show they ran actual penetration testing in order to attain compliance. Those tests will have to address not only physical connections, but also any of the applications involving credit card transactions that an organization develops.

According to Rodolphe Simonetti, managing director of Verizon’s new Payment Card Industry Services, PCI 3.0 has a lot more teeth in terms of making sure an organization is able to comply with it. Nevertheless, Simonetti notes that, like most specifications, PCI covers a base minimum level of security. The trap many organizations fall into, says Simonetti, is thinking that complying with PCI makes their organization secure.

Audits associated with any compliance specification consume a lot of time. But for the most part, they have tended to concentrate on the theoretical. Penetration testing represents a significantly higher threshold in terms of achieving compliance. But just because your organization may be able to pass those tests, one should not assume that hackers and other purveyors of malware are going to limit their attacks to the scope of the tests covered within the PCI specification.

Technically, PCI 3.0 goes into effect starting in January of 2014. But like most specifications, there is a fair amount of time before organizations have to show they are in compliance. However, like most tests, cramming for this one the days and nights before is probably not going to lead to a passing grade.


Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
