The Payment Card Industry Data Security Standard (PCI DSS) was designed to protect cardholder data, and is usually updated once every three years. Auditors test credit card companies' PCI DSS compliance even more often than that: once a year. Couple that with the fact that the more rigorous version 3.1 is now in effect, and it's no surprise that these organizations are under more pressure than ever to keep PCI requirements at the center of their everyday compliance operations.
Each new version of PCI DSS is more expansive and stringent than the last, and version 3 is no exception. Check out SearchCompliance's IT Compliance FAQ series on PCI DSS:
- "What changes are afoot under PCI DSS 3.0 requirements?": Learn about the key differences between versions 2.0 and 3.0, and how the latest PCI requirements will affect compliance costs and impact service providers.
- "What changes are businesses facing under PCI DSS version 3?": Find out how this iteration attempts to address long-standing criticisms of the standard, what types of businesses will be affected by these changes and more.
After the release of version 3 in 2013, the number of fully PCI-compliant organizations almost doubled in 2014. However, few of these organizations can maintain compliance, according to a 2015 Verizon report. Our sister site, SearchSecurity, explores that issue and more:
- "More companies achieve PCI compliance but fail to maintain it": Discover why PCI DSS requirements such as firewall documentation and data storage remain stumbling blocks for many merchants.
- "PCI DSS 3.1 launches, requiring detailed SSL security management plan": Find out how version 3.1 addresses high-risk weaknesses in the SSL and TLS encryption protocols, and what course of action merchants should take.
Data source: Verizon 2015 PCI Compliance Report