PCI-DSS PA-DSS changes – latest updates

Anticipated changes to the standard for payment card security have been announced, and the PCI Security Standards Council has issued some guidelines ahead of the final changes to help merchants get ahead by reviewing and understanding the changes before their implementation. The revised standard (Version 3.0) is due to come out in November this year.

Will a lead lined wallet be the only solution?

According to the Change Highlight Document, the updated version of PCI-DSS and PA-DSS will:

  • Provide stronger focus on some of the greater risks in the threat environment
  • Provide increased clarity on PCI-DSS & PA-DSS requirements
  • Build greater understanding on the intent of the requirements and how to apply them
  • Improve flexibility for all the entities implementing, assessing and building to the Standards
  • Drive more consistency among assessors
  • Help manage evolving risks/threats
  • Align with changes in industry best practices
  • Clarify scoping and reporting
  • Eliminate redundant sub requirements and consolidate documentation

Key themes for the new version include:

Education & Awareness – to help drive education and build awareness internally and with business partners and customers.

Increased Flexibility – Enabling organisations to take a more flexible approach on meeting requirements in common risk areas such as weak passwords, malware and poor authentication methods.

Security as a Shared Responsibility – Changes introduced to help organisations understand their entities’ PCI-DSS responsibilities when working with different business partners to ensure cardholder data security.

Emerging technologies

The PCI-DSS and PA-DSS are built in a way that their principles can be applied to a variety of cardholder data environments, such as mobile or cloud. The PCI Special Interest Group issues separate and specific guidance for mobile via the PCI SSC website (Mobile Payment Acceptance Security Guidelines for Merchants).


We will be issuing our own guidance document soon. Watch this blog or our website news and dedicated PCI-DSS page.

