By Indusface

The PCI Security Standards Council (PCI SSC) has recently published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) for debit and credit card security. As a result, organizations now need to move to address comprehensive security practices built on shared responsibility than just compliance.

The PCI-DSS 3.0 Overview

Build and Maintain a Secure Network
  • Install & maintain a firewall configuration to protect cardholder data
  • Do not use vendor supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open public networks
Maintain a VulnerabilityManagement Program
  • Protect all systems against malware and regularly update anti-virus software  or programs
  • Develop and maintain secure systems and applications
Implement StrongAccess ControlMeasures
  • Restrict access to cardholder data by business need-to-know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
Regularly Monitor andTest Networks
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain an InformationSecurity Policy
  • Maintain a policy that addresses information security for all personnel

Applicability of PCI DSS 3.0: 1st January2014
2.0 to 3.0 transition time limit: 31st December2014

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.