The deadline for PCI 3.0 mandatory compliance is fast approaching. If you and your merchants are compliant that's good news. The bad news: the odds are against ongoing compliance. That's why card data security needs to be a multifaceted undertaking.
"PCI, EMV, point-to-point encryption – all of these things have to be done together," said Don Brooks, Senior Security Engineer at security services company Trustwave. These days EMV (short for Europay, MasterCard and Visa, the technical standard for chip cards and chip-reading terminals) is garnering much attention, with its looming October 2015 deadline for compliance.
However, compliance with the latest Payment Card Industry Data Security Standard (PCI DSS, or often just PCI) is mandatory beginning June 30. Acquirers and their partners should be working now to ensure merchants are and remain compliant with PCI 3.0, Brooks advised in an interview with The Green Sheet. "Ultimately it all comes down to the acquirer and the ISO making sure merchants are doing the right thing," he said.
PCI 3.0, released in 2014, updates the standard, which was previously updated in 2011. The effective date was January 1, 2015, but mandatory compliance was delayed for six months to provide companies sufficient time to complete implementation routines.
Read more here: greensheet.com