On November 1, 2016, the Payment Card Industry (“PCI”) Security Standards Council’s newest set of Data Security Standards (“DSS”) went into effect. Announced earlier this year, PCI DSS Version 3.2 makes a variety of changes applicable both to merchants that accept payment cards and to “Service Providers,” which are defined as third-party entities that “store, process, or transmit cardholder data” or that “manage components such as routers, firewalls, databases, physical security, and/or servers” on behalf of merchants. Below, we provide a summary of some of the more significant changes that affect merchants and Service Providers.
SSL
PCI DSS 3.0 Requires Some Service Provider Contract Changes
By Susan Ross (US) on
On April 15, 2015, the PCI Security Standards Council issued Payment Card Industry Data Security Standards (PCI DSS) version 3.1 (PCI DSS v3.1). It contains some “minor updates and clarifications” to PCI DSS v3.0, which went into effect on January 1, 2015.