The latest version of the Payment Card Industry Data Security Standard, PCI DSS 3.2, brings with it significant changes that affect both large and small online vendors. With this new set of changes, digital merchants are expected to comply with several additional security measures designed specifically to improve the safeguarding of customer cardholder data.
PCI Compliance Before PCI DSS 3.2
Prior to PCI DSS 3.2, the focus was mostly on back-end security: protecting servers through secure configurations, secure connections, and encryption, with compliance in mind. To illustrate this point, here are some PCI DSS requirements which focus on back-end safety.
- A firewall configuration is needed to protect cardholder data
- Security systems and processes must be assessed regularly
- Network resources and cardholder data should be monitored at all times
- Anti-virus software should be used and kept up to date
- Cardholder data should be encrypted whenever it is transmitted over public networks
- Physical access to cardholder data must be restricted
- A unique ID should be assigned to each person with computer access
- Access to cardholder data must be restricted
With PCI DSS 3.2, the focus shifts to front-end protection as well. Front-end configuration and related safety precautions are now given equal importance, making this version an all-round protective system whose measures can greatly improve the safety of customer cardholder data.
PCI Compliance After PCI DSS 3.2
So how are the latest rules going to impact retailers? Apart from increasing the security measures, another significant change is the inclusion of Level 4 merchants in the list of online vendors required to complete PCI SAQ self-assessment compliance tests. This means Level 4 merchants should now submit a Self-Assessment Questionnaire (SAQ) to their respective issuing banks in order to remain fully compliant.
SAQs help online vendors understand the extent to which they comply with PCI DSS requirements for securing cardholder information when it is captured or transmitted over the vendor’s network. SAQs also let online retailers declare publicly that they are PCI compliant.
PCI DSS 3.2 also affects Level 1 merchants with a revised set of rules, which means compliance is even more stringent than before. Significant among these changes are the annual computer system audits and quarterly network scans which Level 1 merchants must now carry out in order to stay out of trouble.
Both computer system audits and network scans are going to prove tough for Level 1 merchants because of the general size of their networks. These merchants must therefore schedule these activities ahead of time in order to avoid missing the deadlines.
How HackerGuardian Helps Online Merchants Stay Compliant
HackerGuardian is a PCI Council-approved scanning tool from Comodo. It provides a fully configurable vulnerability assessment and reporting service for networks and web servers. The scanning or audit process usually involves running over 60,000 security tests against enterprise servers and providing expert advice on fixing any vulnerability discovered.
Benefits of Using HackerGuardian:
- Get ‘ready-to-submit’ PCI compliance reports which can be sent to merchant banks
- Detailed reports that identify security holes and contain actionable recommendations
- Secure web-based interface allowing you to schedule up to ten PCI scans per quarter on up to five servers
- Free access to HackerGuardian’s online Self-Assessment Questionnaire (SAQ) with Live Support