Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) released Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes several enhanced security requirements that will affect how businesses protect payment card data in their systems. The updated standard calls upon businesses to take a more active role in security compliance. It also addresses several common vulnerabilities in the cardholder data environment, including weak passwords, fallible authentication methods, unpatched malware protection, and inadequate threat monitoring practices. The end result is a standard that gives businesses a clearer, yet more stringent, set of baseline requirements for protecting cardholder data. Compliance with Version 3.0 is required as of January 1, 2015, although some of the new requirements will not go into effect until July 1, 2015. Until then, they are recommended as best practices.
Read more on Hogan Lovells Chronicle of Data Protection.