The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements laid down by several of the world's leading payment card brands for any business that stores, processes or transmits debit or credit card information.
However, the breadth of PCI DSS scope, and the fact that the way compliance must be validated varies with a company's merchant level (its annual card transaction volume), often make the standard confusing for businesses to understand.
And it may soon become harder still to evaluate PCI DSS compliance internally: on June 30 a control that version 2.0 of the standard has so far flagged as a best practice becomes a mandatory requirement.
Under requirement 6.2 of PCI DSS version 2.0, merchants will now be required to "establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities", according to the PCI Security Standards Council; until now this was considered a best practice rather than a requirement.
This means that businesses will not only have to become aware of and understand new vulnerabilities, they must also rank them according to the relative risk they pose to their own systems. In practice that means tracking vendor advisories and scanner output, applying a consistent ranking method (for example CVSS base scores or vendor-assigned severities, adjusted for whether the affected system sits in the cardholder data environment) and flagging "high" or "critical" findings so they are patched within the windows the standard already sets for critical security patches.
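As an added illustration (not code from the article or from the PCI Security Standards Council), the following Python sketch shows what such a ranking process can look like in practice. It assumes findings arrive with a CVSS v2 base score, as scanner exports and NVD entries supply, and that an asset inventory records which hosts are in the cardholder data environment (CDE) and which face the internet; the host names, finding references and the rank-to-deadline mapping are constructed for the example, except that the 30-day window for "high" mirrors requirement 6.1's one-month rule for critical security patches.

```python
"""Added example, not code from the article or from the PCI Security Standards
Council: a minimal vulnerability risk-ranking process of the kind PCI DSS v2.0
requirement 6.2 asks merchants to establish.

Assumptions: findings carry a CVSS v2 base score; an asset inventory says which
hosts are inside the cardholder data environment (CDE) and which face the
internet; the deadline table is an illustrative internal policy, except that
the 30-day "high" window mirrors requirement 6.1's one-month rule for critical
patches. All hosts and finding references below are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

RANKS = ("low", "medium", "high", "critical")

# Remediation windows per rank, in days (assumed policy; see docstring).
DEADLINE_DAYS = {"low": 180, "medium": 90, "high": 30, "critical": 7}


@dataclass(frozen=True)
class Asset:
    host: str
    in_cde: bool            # stores, processes or transmits cardholder data
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    ref: str                # advisory or scanner reference (constructed here)
    host: str
    cvss_base: float        # CVSS v2 base score, 0.0 to 10.0
    exploit_public: bool    # working exploit code is publicly available


def base_rank(cvss_base: float) -> str:
    """Map a CVSS v2 base score onto the NVD severity bands."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss_base}")
    if cvss_base >= 7.0:
        return "high"
    if cvss_base >= 4.0:
        return "medium"
    return "low"


def risk_rank(finding: Finding, asset: Asset) -> str:
    """Adjust the generic CVSS severity for where the flaw actually sits.

    A flaw inside the CDE is one rank worse than the same flaw elsewhere; a
    flaw on an internet-facing host with a public exploit is one rank worse
    again. The scale is capped at "critical".
    """
    level = RANKS.index(base_rank(finding.cvss_base))
    if asset.in_cde:
        level += 1
    if asset.internet_facing and finding.exploit_public:
        level += 1
    return RANKS[min(level, len(RANKS) - 1)]


def triage(findings, assets, discovered: date):
    """Rank every finding and attach a remediation deadline.

    Returns (rank, deadline, finding) tuples, most urgent first. A finding on a
    host missing from the inventory is treated as in-scope (in the CDE), since
    an unknown asset cannot be shown to be out of scope.
    """
    by_host = {a.host: a for a in assets}
    ranked = []
    for f in findings:
        asset = by_host.get(f.host) or Asset(f.host, in_cde=True, internet_facing=False)
        rank = risk_rank(f, asset)
        ranked.append((rank, discovered + timedelta(days=DEADLINE_DAYS[rank]), f))
    ranked.sort(key=lambda r: (-RANKS.index(r[0]), r[1], r[2].ref))
    return ranked


# Constructed sample inventory and scanner findings (not real hosts or CVEs).
SAMPLE_ASSETS = [
    Asset("pos-db-01", in_cde=True, internet_facing=False),
    Asset("web-shop-01", in_cde=False, internet_facing=True),
    Asset("hr-wiki-01", in_cde=False, internet_facing=False),
]

SAMPLE_FINDINGS = [
    Finding("EX-0001", "pos-db-01", 7.5, exploit_public=False),
    Finding("EX-0002", "web-shop-01", 5.0, exploit_public=True),
    Finding("EX-0003", "hr-wiki-01", 9.3, exploit_public=False),
    Finding("EX-0004", "web-shop-01", 2.1, exploit_public=True),
]


def sample_triage():
    """Run the constructed sample as of 30 June 2012, the compliance date."""
    return triage(SAMPLE_FINDINGS, SAMPLE_ASSETS, date(2012, 6, 30))


if __name__ == "__main__":
    for rank, deadline, f in sample_triage():
        print(f"{rank:<8} fix by {deadline}  {f.ref} on {f.host} (CVSS {f.cvss_base})")
```

Note that the 9.3 flaw on the HR wiki ends up ranked below the 7.5 flaw on the CDE database: the whole point of requirement 6.2 is that the ranking reflects risk to the cardholder environment, not the scanner's raw score.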
The importance of securely managing payment card information has been underlined in the media this week, with news breaking on June 26 that the US Federal Trade Commission has filed a lawsuit against Wyndham Worldwide, accusing the hotel group of failing to properly secure customer information in the lead-up to the theft of some 600,000 payment card accounts.