Business Wire

PCI Security Standards Council Publishes Minor Revision to PCI Data Security Standard

Share

Today the PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Data Security Standard (PCI DSS), which businesses around the world use to safeguard payment card data before, during and after a purchase is made. PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and Secure Socket Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. No new requirements are added in PCI DSS v3.2.1. PCI DSS v3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019.

“This update is designed to eliminate any confusion around effective dates for PCI DSS requirements introduced in v3.2, as well as the migration dates for SSL/early TLS,” said PCI SSC Chief Technology Officer Troy Leach. “It is critically important that organizations disable SSL/early TLS and upgrade to a secure alternative to safeguard their payment data.”

The minor changes in PCI DSS v3.2.1 reflect how existing requirements are affected once the effective dates and SSL/TLS migration deadlines have passed so that organizations can accurately report how their implementations meet these existing requirements after 30 June. Specifically, the changes include:

  • Removal of notes referring to an effective date of 1 February 2018 for applicable requirements, as this date has passed.
  • Updates to applicable requirements and Appendix A2 to reflect that only POS POI (point of sale point of interaction) terminals and their service provider connection points may continue using SSL/early TLS as a security control after 30 June 2018.
  • Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario.

The updates in PCI DSS v3.2.1 do not affect the Payment Application Data Security Standard (PA-DSS), which will remain at v3.2.

PCI DSS v3.2.1 and a summary of changes from v3.2 to v3.2.1 are available now in the Document Library on the PCI SSC website. Updated versions of the Migrating from SSL and Early TLS Information Supplement, Self-Assessment Questionnaires (SAQ) and SAQ Instructions and Guidelines will be published shortly to support PCI DSS v3.2.1.

For more information, read PCI Perspectives blog Q&A with Chief Technology Officer Troy Leach: PCI DSS Now and Looking Ahead.

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

Contact information

PCI Security Standards Council
Mark Meissner, +1-202-744-8557
press@pcisecuritystandards.org
Twitter: @PCISSC

About Business Wire

Business Wire
Business Wire
24 Martin Lane
EC4R 0DR London

+44 20 7626 1982http://www.businesswire.co.uk

(c) 2018 Business Wire, Inc., All rights reserved.

Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Moody’s Analytics Wins Best Reporting System Provider in Waters Rankings23.7.2019 15:30:00 CESTPress release

Moody’s Analytics, a global provider of financial intelligence, has won the award for Best Reporting System Provider in the 2019 Waters Rankings. We earned this recognition for our regulatory reporting solution. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190723005679/en/ For banks and insurers, staying on top of regulatory changes is critical. Our end-to-end solution handles the entire reporting process, producing 3,000 different regulatory reports covering more than 50 jurisdictions. It automatically delivers all required updates well in advance of the relevant deadlines and makes it easy for clients to review, adjust, audit, and validate their reports. The Moody’s Analytics regulatory surveillance team boasts a wealth of experience in both local and international domains going back decades. They monitor more than 100 supervisor websites to ensure that our clients receive the updates they need in a timely fashion. “Regu

Gilead Presents New Findings on Profile of Descovy® for Potential Use as HIV Pre-exposure Prophylaxis Compared With Truvada®23.7.2019 15:00:00 CESTPress release

Gilead Sciences, Inc. (NASDAQ: GILD) today presented additional results from the DISCOVER trial evaluating an investigational use of Descovy (emtricitabine 200 mg and tenofovir alafenamide 25 mg tablets; F/TAF) for HIV pre-exposure prophylaxis (PrEP). In a sub-analysis of the DISCOVER trial, Descovy reached intracellular drug concentration levels above the estimated protective threshold significantly more quickly than Truvada (emtricitabine 200 mg and tenofovir disoproxil fumarate 300 mg tablets; F/TDF), and additional pharmacokinetic data confirm that these drug concentration levels persist longer than Truvada. The results were presented at the 10th International AIDS Society Conference on HIV Science (IAS 2019) being held in Mexico City. “Gilead is committed to driving advances in HIV prevention and supporting broader public health initiatives that are designed to reduce HIV infections,” said Diana Brainard, MD, Senior Vice President, HIV and Emerging Viruses, Gilead Sciences. “These

Velodyne Lidar Acquires Mapper.ai for ADAS Launch23.7.2019 15:00:00 CESTPress release

Velodyne Lidar, Inc. today announced it has acquired mapping and localization software as well as intellectual property assets from Mapper.ai. Mapper technology will enable Velodyne to accelerate development of Vella™, breakthrough software that establishes its directional view Velarray™ lidar sensor. The Velarray is the first solid-state Velodyne lidar sensor that is embeddable and fits behind a windshield, as an integral component for superior, more effective advanced driver assistance systems (ADAS). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190723005257/en/ In addition to ADAS, Velodyne will incorporate Mapper technology into lidar-centric solutions for other emerging applications, including autonomous vehicles, last-mile delivery services, security, smart cities, smart agriculture, robotics, and unmanned aerial vehicles. (Photo: Business Wire) Mapper’s entire leadership and engineering teams will join Velodyne, bol

Wealthy Americans are increasingly willing to invest, new UBS survey finds23.7.2019 14:12:00 CESTPress release

US high net worth individuals and business owners are expressing growing intentions to invest as US markets continue to hit record highs in 2019, according to UBS Global Wealth Management's new quarterly Investor Sentiment survey. The survey, which polled more than 3,800 wealthy investors and entrepreneurs in 17 countries, also shows US investors remain positive on the U.S. stock market but continue to rank politics and the national debt as top concerns. Fifty percent of US investors see a diversified portfolio as a hedge against US-China trade tensions specifically, in line with UBS GWM's own views, compared with 41% who favor cash. Filippo Ilardi, US Client Strategy Officer at UBS Global Wealth Management, says: "We are pleased to see a substantial increase in investors willing to put more money in the market. Wealthy Americans are concerned about the political environment and US-China trade tensions but we are encouraged that they see diversification as an important way of managing

Andersen Global Expands into Ghana23.7.2019 13:30:00 CESTPress release

Ghana law firm, Sam Okudzeto & Associates, signed a collaboration agreement with Andersen Global, marking Andersen Global’s presence in 13 African countries and over 51 countries worldwide. Located in the capital of Accra, Sam Okudzeto & Associates is one of the largest law firms in Ghana. For the past 48 years, the firm has provided legal advice and guidance in the corporate and commercial areas, including patents and trademarks, mergers and acquisition, tax advisory, corporate banking, international trade and investment, debt recovery, mining and mineral law, industrial and labor, aviation, maritime law, petroleum oil and gas, and intellectual property. Sam Okudzeto & Associates founder and Managing Partner, Sam Okudzeto and Nene Amegatcher, have led the team since the establishment of the firm until Nene Amegatcher was elevated to the Supreme Court. The firm now has four partners and 18 lawyers who have gained international reputation for their keen knowledge and experience with Alt

Seoul Semiconductor Switches to Rimini Street for SAP Support23.7.2019 13:00:00 CESTPress release

Rimini Street, Inc. (Nasdaq: RMNI), a global provider of enterprise software products and services, the leading third-party support provider for Oracle and SAP software products and a Salesforce partner, today announced that Seoul Semiconductor, a global LED development and manufacturing company headquartered in South Korea, has switched from SAP to Rimini Street for support of its SAP ECC 6.0 system. As a result, Seoul Semiconductor has been able to reduce its annual maintenance fee by 50%, enjoy better support and can continue operating its stable, robust ERP ECC 6.0 system for a minimum of 15 additional years from the date the company switched to Rimini Street to retain full support without any forced upgrades or product migrations. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190723005031/en/ Seoul Semiconductor, a global LED development and manufacturing company headquartered in South Korea, has switched from SAP to R