The PCI SSC considered many things when drafting Version 3.0 of the PCI DSS and PA-DSS standards, including:
- What will improve payment security?
- Global applicability and local market concerns
- Appropriate sunset dates for other standards or requirements
- Cost/benefit of changes to infrastructure
- Cumulative impact of any changes
The nature of the changes reflects the growing maturity of the payment security industry since the Council’s formation in 2006, and the strength of the PCI Standards as a framework for protecting cardholder data. Cardholder data continues to be a target for criminals.
Lack of education and awareness around payment security and poor implementation and maintenance of the PCI Standards lead to many of the security breaches happening today.
The updates address these challenges by building in additional guidance and clarification on the intent of the requirements and ways to meet them. Additionally, the changes in PCI DSS and PA-DSS 3.0 focus…