Encryption, tokenisation to shape future PCI compliance


Merchants have until the end of the year to comply with version 3.0 of the PCI DSS standard, which was introduced in November 2013. 

Troy Leach, CTO, PCI Council.

A key theme of version 3.0 is to reinforce how merchants should view PCI compliance when outsourcing to third-party cloud service providers and other outsourcers.

“You’ve seen the majority of the data breaches reported [involved] third parties having access to sensitive information,” Leach said.

“We should have expected it [well before the big retail breaches] because as an industry there is more outsourcing going on, more dependencies on outsourced service providers and third party software services.”

One of the main problems was that merchants had mistakenly believed the PCI compliance their cloud service providers offered via their contracts, which related to protecting the merchant's credit card details, also covered the services the merchant offered customers that were underpinned by the cloud service.

“They thought that once they had outsourced to some random third party, that their responsibility was done,” Leach said. “That was never the case – they are still responsible to protect it.”

Version 3.0 therefore provides new requirements on third parties. Merchants have also separately been handed documents that Leach describes as “ammunition” to seek better security controls from cloud service providers.

Copyright © iTnews.com.au . All rights reserved.