Security News
PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. To provide organizations time to understand the changes in the new version and implement any updates needed, the current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on 31 March 2024.
At the end of March 2022, the PCI Council released PCI DSS 4.0. The current version of PCI DSS will still be available until Q1 2024, at which point 4.0 goes into full effect, with the exception where the Council has turned the evolving controls.
This agreement brings Semafone into the Avaya ecosystem of alliances, with the goal of helping contact center customers solve the complex security and compliance challenges faced as they embrace a work-from-anywhere model. The integration of Semafone's DevConnect-certified secure payment technology with Avaya OneCloud enterprise Session Border Controller enables Cardprotect Voice+ to be deployed and used across all global Avaya OneCloud contact center solutions.
Windstream Enterprise announced that it has renewed Payment Card Industry Data Security Standard compliance for its entire portfolio of SD-WAN and Managed Network Security services. Compliance with PCI DSS provides independent verification from a Qualified Security Assessor to ensure the highest levels of security and compliance for the processing, storage and transmission of cardholder data.
In addition to the continued decline in compliance, the current iteration of PCI DSS is expected to be replaced by PCI DSS 4.0 in mid-2021, with an extended transition period. The core principle of the PCI DSS is to protect cardholder data, and with PCI DSS 4.0, it will continue to serve as the critical foundation for securing payment card data.
With many companies struggling to retain qualified CISOs or security managers, the lack of long-term security thinking is severely impacting sustained compliance within the Payment Card Industry Data Security Standard. Additional findings shine a spotlight on security testing, where only 51.9 percent of organizations successfully test security systems and processes, and on unmonitored system access, where approximately two-thirds of all businesses track and monitor access to business-critical systems adequately.
The enterprise-trusted, build-to-production container security solution now includes extensive compliance reporting and enforcement for PCI DSS, GDPR, and other industry and government standards, as well as new workflows specifically designed to make it easy for DevOps teams to track critical vulnerabilities and to ensure - and prove - compliance. With a single click, DevOps teams can enable NeuVector's pre-configured compliance templates to identify any potential industry compliance issues and generate audit reports for PCI DSS, GDPR, and other stringent - and often changing - data security regulations.
When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life and support on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1. "If you have a store that continues to run on Magento 1 after June 30, please be aware that from that date forward you have increased responsibility for maintaining your site's security and PCI DSS compliance," Adobe warned.
Semafone, the leading provider of data security and compliance solutions for call and contact centers, announced that it has achieved global certification under the Payment Card Industry Data Security Standard for its omnichannel digital payments solution, Cardprotect Relay+. Semafone has also been named on the Visa Global Registry of Service Providers demonstrating its ability to adhere to strict, updated and ongoing PCI DSS compliance, while upholding a strong defense against cardholder data compromise by supporting secure technologies such as point-to-point encryption and tokenization.
Today, I want to take a closer look at the PCI DSS 3.2 standard, starting with Requirement 8 and gradually making our way to Requirement 8.3.2. The standard specifically uses CDE, or the cardholder data environment, instead of "Sensitive data," but the concept is the same - make sure the person requesting access is truly who they claim to be.