New PCI compliance rules are a step in the right direction

2014 wasn't exactly the greatest year for cyber security. No indeed: from banks to retailers, companies and governments, last year was one to forget. Well actually, scratch that - last year was one to remember more than ever. The industry needs to learn from its mistakes, the loopholes need to be closed and customers' financial and personal details need to be better protected. That's exactly what the new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) is trying to help achieve.

PCI 3.0 launched at the start of this year with more than 90 new standards designed to improve credit card security measures. The PCI Security Council, if you didn't know, was set up in 2006 with the mission statement: "to enhance payment account data security by driving education and awareness of the PCI Security Standards."

The standards have been updated in a three-year cycle and this iteration of updates couldn't have come any sooner. In 2014 vulnerabilities were exposed, particularly in the US, with major retailers such as eBay, Target and Home Depot suffering major data breaches, and even the bank JP Morgan was compromised. Not to forget the major hack on Sony Pictures - whose perpetrators are still debated.

The latest PCI compliance standards have tried to address the causes of a number of these attacks, with an emphasis on improved cloud standards and practices. Another key update is the requirement that third parties involved in payments comply with the standards. It became clear in the aftermath of the attacks, such as the one on Home Depot for example, that the point of entry for breaches was often attributed to third parties - in the case of Home Depot, through its air-conditioning company. Third parties are now obliged to use unique passwords and two-factor authentication.

The new standards also now incorporate more rolling requirements that evolve over time - this helps reflect the constantly changing battle front for security. Security is never set in stone and needs constant vigilance from administrators and companies to stay ahead of the game and minimise vulnerabilities.

We take security very seriously here at Ensygnia and we can link it to your identity and level of authority to control what areas of a system someone is allowed to visit. We actually think it's time to say goodbye to the password altogether, which was still a major entry point for a number of last year's hacks. We also think our product can provide a powerful payments experience, hence our commitment to complying with the latest PCI standards.

By Matthew Taylor 15th January 2015
