New York -- Version 3.0 of the PCI Data Security Standards (PCI DSS) and Payment Application Data Security Standard (PA-DSS) has been published and will become effective on January 1, 2014.
The PCI Security Standards Council (PCI SSC), a global forum for the development of payment card security standards, published version 3.0 to its website, but version 2.0 will remain active until Dec. 31 to ensure adequate time for organizations to make the transition.
The standards are updated every three years based on feedback from the Council's global members per the PCI DSS and PA-DSS development lifecycle as well as in response to market needs. Version 3.0 will help organizations make payment security part of their business-as-usual activities by introducing more flexibility and an increased focus on education, awareness and security as a shared responsibility.
Overall, the updates include specific recommendations for making PCI DSS part of everyday business processes and best practices for maintaining ongoing PCI DSS compliance; guidance from the Navigating PCI DSS Guide built into the standard; and enhanced testing procedures to clarify the level of validation expected for each requirement.