Nearly three-quarters of all UK adults bought goods or services online last year and this number will only increase. With internet shopping and payments rapidly growing in scale, it’s more important than ever to stay secure.
To this end, the Payment Card Industry Security Standards Council (PCI SSC) has recently launched their latest Data Security Standard (PCI DSS 3.1) to help businesses stay ahead of any potential data security issues.
Facing New Data Security Threats
Recent, well-publicised threats have highlighted the need for improved data security. In 2014, Heartbleed was brought to the world’s attention, and many realised for the first time quite how serious internet security threats had become.
Later in the year, POODLE was discovered and it became increasingly apparent that Secure Sockets Layer (SSL) encryption was no longer fit for purpose. Although it has been superseded by Transport Layer Security (TLS), many organisations still rely on SSL for secure communications.
An Emergency Update to PCI DSS
Because of the increasing risk of relying on SSL, the PCI SSC has chosen to update PCI DSS mid-cycle. PCI DSS normally runs on a three-year cycle, and each version is expected to remain adequate for that term; however, owing to the nature of the risks associated with the continued use of SSL (and of early versions of TLS), the PCI SSC has intervened and launched PCI DSS 3.1.
The revision requires that merchants move from SSL to current versions of TLS (1.1 and 1.2); the SSC strongly encourages businesses to use TLS 1.2.
The PCI SSC makes clear that it considers neither SSL nor TLS 1.0 to be strong cryptography, and that neither should be relied upon.
Under PCI DSS 3.1, new implementations that rely on SSL or early TLS may no longer be introduced. In addition, from June 2016 no business will be allowed to use SSL or early TLS to protect payments (subject to limited exceptions for point-of-sale terminals).
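As an added illustration (not part of the original post or of any PCI SSC material), the following Python shows a client configuration that enforces the requirement above, a function that grades the protocol versions a scanner reports against the PCI DSS 3.1 position just described, and an optional live check that reports which version a hardened client actually negotiates. The version names, the TLS 1.3 entry and the sample version list are assumptions.

```python
import socket
import ssl
from typing import Dict, List, Optional

# PCI DSS 3.1 position on each protocol version, as described in the post:
# SSL (any version) and TLS 1.0 are not strong cryptography, TLS 1.1 is still
# permitted, and TLS 1.2 is the version merchants are urged to adopt.
# TLS 1.3 post-dates the standard; listing it as "recommended" is an assumption.
# Keys follow the names Python's ssl.SSLSocket.version() returns ("TLSv1" is 1.0).
PCI_DSS_31_STATUS: Dict[str, str] = {
    "SSLv2": "prohibited",
    "SSLv3": "prohibited",
    "TLSv1": "prohibited",
    "TLSv1.0": "prohibited",
    "TLSv1.1": "permitted, migrate to TLS 1.2",
    "TLSv1.2": "recommended",
    "TLSv1.3": "recommended",
}

def pci_client_context() -> ssl.SSLContext:
    """Client context that will not negotiate SSL or early TLS at all."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname verification
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    return ctx

def assess_offered_versions(offered: List[str]) -> Dict[str, str]:
    """Grade each protocol version an endpoint accepts (e.g. from a scanner report)."""
    return {v: PCI_DSS_31_STATUS.get(v, "unknown") for v in offered}

def is_pci_dss_31_compliant(offered: List[str]) -> bool:
    """Compliant when nothing prohibited is accepted and at least TLS 1.1 is offered."""
    statuses = list(assess_offered_versions(offered).values())
    return "prohibited" not in statuses and any(s != "unknown" for s in statuses)

def negotiated_version(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """Handshake with the hardened context; None means the endpoint could only offer
    SSL or early TLS (or was unreachable). Needs network access, so it is not run here."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with pci_client_context().wrap_socket(sock, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError is an OSError subclass
        return None

if __name__ == "__main__":
    # Constructed sample: versions a scanner might report for a legacy payment endpoint.
    legacy = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
    print(assess_offered_versions(legacy))
    print("compliant:", is_pci_dss_31_compliant(legacy))       # False: SSLv3 and TLS 1.0
    print("compliant:", is_pci_dss_31_compliant(["TLSv1.2"]))  # True
```

Running `negotiated_version("your-payment-host.example")` against your own endpoints before the cut-off date tells you which of them a TLS 1.2-only client can still reach.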
Upgrade Your Security Protocols ASAP
Businesses are encouraged to update their security protocols as soon as possible to retain PCI-compliant levels of security and to minimise their exposure.
This update affirms that PCI compliance is crucial to ensuring that online payments are secure and reliable. By dealing with a PCI-compliant business, which adheres to the latest PCI DSS 3.1 requirements, you can be sure that your transactions are safe.
If you have any questions at all about PCI DSS 3.1 and why the updates are necessary, please get in touch with our expert secure payment consultants today!