By Viviana Wesley, PCI QSA, ISO 27001 Auditor
The Payment Card Industry Security Standards Council (PCI SSC) will release version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in the second quarter of 2016, and the new version will become effective as soon as it is published. PCI DSS version 3.1 will be retired three months later to allow organizations to complete PCI DSS v3.1 assessments already under way.
Version 3.2 will include updates to address the following:
- Additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE)
- The addition of some of the Designated Entities Supplemental Validation (DESV) criteria for service providers
- Clarification of masking criteria for primary account numbers (PAN) when displayed
- Updated migration dates for SSL/early TLS that were published in December 2015
The PCI SSC recently wrote a blog post titled "Preparing for PCI DSS 3.2: What to Expect in 2016," detailing some of the changes.
For more information, or to find out how your organization may be affected by this new version of the PCI DSS, please contact HALOCK.