The Deadline For PCI DSS 3.2 Is Quickly Approaching
Security, and specifically the security of customer information, is one of the most important parts of any business. When a customer trusts you with their personal information – such as name, date of birth, address, or credit card numbers – they are trusting that their information is in good hands. If this information were exposed, it would damage your customers’ trust and potentially harm your business (not to mention the legal issues that could arise).
In the next few months, a deadline is approaching for businesses to implement a new set of security standards under PCI Compliance, with January 31, 2018 being the last day you’ll be allowed to use the old set of standards. If your business handles payment cards (credit cards and debit cards), you’re going to want to make sure you are ready before this deadline hits.
What Is PCI Compliance?
PCI, short for Payment Card Industry Data Security Standard (PCI DSS), is a set of standards that regulate how businesses process, store and transmit payment card information. Among other things, under PCI a business is required to:
- Protect the cardholder’s information and data
- Maintain a secure network
- Use access control measures
- Regularly monitor and test their networks
Complying with all of these standards gives customers a level of comfort and security, while also protecting the business from legal liability. But as times change, attackers develop new methods designed to get around existing controls. This is the main reason that new PCI standards are occasionally rolled out, with businesses required to comply by a certain date.
What Changes Have Been Made?
PCI is upgrading from version 3.1 to 3.2. This upgrade is aimed at clarifying a few previous provisions, addressing new exploits that have arisen, and strengthening protection against known ones. If you would like to read more on the technical aspects of what’s changing, you can read this guide.
What Does My Business Need To Do?
2018 isn’t too far away now, so if your business isn’t compliant under PCI 3.2 yet, you’re going to want to start that process. The steps you need to take will largely depend on your business’s merchant level, which in turn is determined by the number of transactions you typically process within a 12-month period. For step-by-step instructions, check out this guide on becoming PCI compliant.
PCI compliance is not typically something you can do overnight, however. It requires planning and implementation, both of which take time. That’s why it is important to get started sooner rather than later, so that all of your customer information remains protected and your business remains compliant with all established standards.
How PCI Compliance Fits Into Your Overall IT Security Strategy
When you’re running a business, security is of the utmost importance. Not only do you need to protect important documents, but you also need to guard employee and customer data. We’ve all seen news stories about companies that failed to adequately secure their data, and it caused them nothing but headaches. PCI compliance should be just one part of your IT security systems, albeit an important one.
From PCI compliance to IT recycling and data destruction, you don’t want any security risks within your business. If you would like to find out more about IT security for your business – or specifically how to protect customer data when transitioning to new systems – please feel free to contact us at any time.