{"id":4442,"date":"2018-01-29T11:01:30","date_gmt":"2018-01-29T05:31:30","guid":{"rendered":"https:\/\/qadit.com\/blog\/?p=4442"},"modified":"2018-01-29T11:01:30","modified_gmt":"2018-01-29T05:31:30","slug":"pci-dss-3-2-will-unveil-compliance-cramming-culture","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/pci-dss-3-2-will-unveil-compliance-cramming-culture\/","title":{"rendered":"PCI DSS 3.2 will unveil compliance cramming culture"},"content":{"rendered":"<div>\n<div class=\"entry-content\">\n<p>February 1, 2018 marks the deadline for businesses to adopt the new industry standard, PCI DSS 3.2, aimed at reducing and better responding to cyber attacks resulting in payment data breaches.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.helpnetsecurity.com\/images\/posts2018\/pci-dss.jpg\" class=\"aligncenter\" alt=\"compliance cramming\" title=\"PCI DSS\" \/><\/p>\n<p>Since PCI DSS 3.2 was originally announced in 2016, the industry has had almost two years to prepare for these increased requirements, but a significant percentage of businesses are still not prepared, warns secure payment solutions provider PCI Pal.<\/p>\n<p>\u201cThe industry has developed a culture of compliance cramming, treating PCI as an annual exam to be passed without working towards a culture of continuous compliance. 
For businesses in this \u2018annual pass\u2019 group, PCI DSS 3.2 could be a rude awakening because it requires evidence of continuous compliance instead of a pass\/fail,\u201d said Geoff Forsyth, CTO at PCI Pal.<\/p>\n<h3>PCI DSS 3.2 requirements<\/h3>\n<p>Primary requirements of PCI DSS 3.2 include:<\/p>\n<ul>\n<li>Expansion of requirement 8.3 to include use of multi-factor authentication for administrators accessing the cardholder data environment<\/li>\n<li>Additional security validation steps for service providers and others, including the \u201cDesignated Entities Supplemental Validation\u201d (DESV) criteria.<\/li>\n<\/ul>\n<p>Despite existing data security standards, many companies struggle to ensure continuous compliance \u2013 data taken from a 2017 report found that at the time of data compromise the average merchant is not compliant with almost half (47%) of current PCI DSS requirements. Of those that do pass compliance checks, almost a third are not compliant just 12 months later, according to Verizon\u2019s PCI DSS Compliance report.<\/p>\n<h3>PCI DSS 3.2 will address compliance cramming<\/h3>\n<p>Forsyth continues: \u201cTo be PCI compliant is a constant process. The annual assessment has, to date, only been able to check that the correct processes are in place. PCI DSS 3.2 will change that approach, requiring evidence that device inventories and configuration standards are kept up to date, and security controls are applied where needed.<\/p>\n<p>\u201cCompanies should no longer rely on outdated workarounds such as pause-and-resume. 
The recent spate of high-profile security has thrust this issue into the spotlight but this new standard will ensure it stays front of mind for the industry at large.\u201d<\/p>\n<p class=\"hnst-tag-specific-content\">\n<\/p><\/div>\n<\/p><\/div>\n<p><b>Read the Full Article here: <a href=\"https:\/\/www.helpnetsecurity.com\">Help Net Security &#8211; News<\/a><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>February 1, 2018 marks the deadline for businesses to adopt the new industry standard, PCI DSS 3.2, aimed at reducing and better responding to cyber attacks resulting in payment data breaches. Since PCI DSS 3.2 was originally announced in 2016, the industry has had almost two years to prepare for these increased requirements, but a significant percentage of businesses are &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/pci-dss-3-2-will-unveil-compliance-cramming-culture\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;PCI DSS 3.2 will unveil compliance cramming 
culture&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[293],"class_list":["post-4442","post","type-post","status-publish","format-standard","hentry","category-itsec","tag-wonder-information"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-19E","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4442"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4442\/revisions"}],"predecessor-version":[{"id":4443,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4442\/revisions\/4443"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4442"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?p
ost=4442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}