As they do every so often the PCI standards have been updated. For most businesses, things will continue to be business as usual. However, the updating of the standards is always a good time to evaluate your compliance status with PCI and make sure that your company is adequately protecting cardholder data.
The 3 main points of the update are:
1. Updating the term "Two-Factor Authentication" to "Multi-Factor Authentication"
Most payment environments already use Two-Factor Authentication, meaning in addition to a password they will have security questions such as "What is your Mother's Maiden Name?", "What was the name of your high school?", etc. Other "factors" can include key cards, fingerprints, etc.
2. Only when instructed, some merchants may have additional reporting requirements
Most merchants will be unaffected. But when required by a card brand or acquirer, merchants may be required to provide additional information in accordance with PCI DSS Supplemental Designated Entities Validation (DESV). The document is available to download on this page.
This is likely to only be required for merchants that are seen as "high risk"
3. New requirements for service providers
Service providers are required to test system security more frequently, including mandatory penetration testing every 6 months, and quarterly reviews of internal policies and procedures.
While your organization may be doing everything it can to ensure cardholder data is secure, it is important to ensure that any 3rd party vendors are current with their PCI DSS compliance.
If you have any questions please feel free to contact us by emailing firstname.lastname@example.org.
The Agapay Team