PCI-DSS 3.0 : What's Missing?
Page 1 of 1
On January 1, 2015, the Payment Card Industry Data Security Standard (PCI-DSS) version 3.0 formally comes in effect, ushering in a new era of compliance specifications to secure payments. The PCI-DSS 3.0 specification was formally approved (http://www.eweek.com/security/pci-dss-3.0-security-now-officially-a-standard.html) a year ago in December of 2013, giving retailers and those that handle payments a year to get ready.
The PCI-DSS 3.0 specification includes many improvements and process clarification over its PCI-DSS 2.0 predecessor. With PCI-DSS 3.0 there is a clear focus on making security an ongoing process, as opposed to just a once-a-year activity with checkbox items for compliance. While there are a lot of different requirements in PCI-DSS 3.0 there are also some items that are part of secure payment deployments that are not.
One of the most often talked about security improvements for payments, especially in the U.S., is the use of Chip and PIN credit cards, also known as EMV (Eurocard Mastercard Visa). While EMV is considered by many to be a security improvement over magnetic stripe based credit cards, PCI-DSS 3.0 does not mandate the use of EMV - and likely never will.