
Latest News in PCI Compliance


PA-DSS and PCI compliance remain in the focus of the Paymentech industry. Presently, the COVID-19 epidemic has shifted the preferences of many buyers and sellers from cash to electronic payments. Indeed, payments that involve less physical contact are less risky in terms of sanitary requirements.

PCI compliance and PCI data security standard update

The global increase in electronic transaction volumes has spurred another surge of credit card fraud. Businesses and individuals become victims of identity theft and other kinds of fraudulent schemes. So, organizations that develop credit card security standards should respond accordingly.

Presently, the PCI standards council is updating the basic PCI data security standard to version PCI DSS v4.0. The new draft document is now undergoing another round of public revision. This process is an iterative one, so replacing the current standard, PCI DSS v3.2.1, with the new version will require many more months.

Reviews and comments by member companies indicate that some sections of the new standard draw greater attention than others. Now, we are going to take a look at the PCI compliance issues that reviewers’ comments mainly focus on.

The key points of the updated PCI compliance standard

First let us outline the strategic goals of the new PCI requirements. They are as follows.

  1. Fight the new challenges in the area of credit card data protection.
  2. Make PCI DSS compliance more flexible. Indeed, companies use different data security strategies and technologies. However, all of them should be able to successfully undergo PCI audit and certification.
  3. Enforce data security requirements on a permanent, continuous basis.

Now, let us list the PCI compliance issues that provoked the largest number of reviewers’ comments.

  1. Encryption of sensitive card data as it is transmitted from point to point.
  2. Use of two-factor authentication and strong passwords, documentation of access history, and frequency changes. All these requirements concern stricter user identification and access monitoring.
  3. Implementation of testing scenarios and protocols for security systems and processes.
  4. Limiting physical access to sensitive cardholder data.
  5. Development and implementation of relevant security policies.

General security recommendations

Recently, the PCI standards council published a set of strategic security recommendations. The recommendations are as follows.

  1. Lowering of cardholder data exposure levels;
  2. Generating stronger passwords;
  3. Regular updating and patching of payment handling software;
  4. Usage of stronger encryption mechanisms;
  5. Being more careful when choosing your payment partners.

So, the updated PCI DSS is totally in line with these PCI compliance recommendations.

So, who are the “target users” of the new standard?

Depending on transaction and processing volumes, a merchant belongs to one of four PCI compliance levels. The update of PCI requirements concerns both the largest companies (PCI DSS level 1 merchants) and small ones. Even the SAQs that level 4 merchants complete as part of a PCI audit are undergoing an update. So, all merchant services industry players will probably feel the impact of the changes in the PCI DSS.

To summarize

All companies that “touch” sensitive credit card data must follow the requirements of the PCI standards council. The present version of the standard is PCI DSS v3.2.1, while v4.0 is on the way. If you need explanations on how PCI compliance applies to your specific business case, consult a PCI auditor. You can also contact our payment experts here at UniPay Gateway.


Copyright © 2023 United Thinkers LLC
