Encryption, tokenisation to shape future PCI compliance

By
Page 2 of 2  |  Single page

Merchants have until the end of the year to comply with version 3.0 of the PCI DSS standard, which was introduced in November 2013. 

Encryption, tokenisation to shape future PCI compliance
Troy Leach, CTO, PCI Council.

A key theme in the version is to reinforce how merchants should view PCI compliance within the context of outsourcing to third party cloud service providers and other outsourcers.

“You’ve seen the majority of the data breaches reported [involved] third parties having access to sensitive information,” Leach said.

“We should have expected it [well before the big retail breaches] because as an industry there is more outsourcing going on, more dependencies on outsourced service providers and third party software services.”

One of the main problems was that merchants had confused the PCI compliance their cloud service providers offered via their contracts - related to protecting the merchant's credit card details - has also covered the services the merchant offered customers that were underpinned by the cloud service.

“They thought that once they had outsourced to some random third party, that their responsibility was done,” Leach said. “That was never the case – they are still responsible to protect it.”

Version 3.0 therefore provides new requirements on third parties. Merchants have also separately been handed documents that Leach describes as “ammunition” to seek better security controls from cloud service providers.

Previous Page 1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
card not presentencryptionhome depotpci compliancepci dsssecuritytargettokenization

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?