PCI Imposes New Payments Security Rules
On Thursday, April 28th, the PCI Security Council will be issuing its new payments security requirements. The new requirements are going to impose new rules, specifically surrounding authentication and third-party vendors (service providers and vendor management). The Thursday roll-out will insist on multifactor authentication (MFA) for all parties involved whose network access privileges might possibly enable them to touch payments data, regardless of job function. This is a change from previous requirements, which have only mandated multifactor authentication for people who work directly with payments data.
In addition to this requirement, third-party vendor companies who provide services to PCI-compliant organizations must also be PCI compliant, regardless of whether or not they are accessing payments data first-hand. The uniqueness about these changes stems from the Council’s recognition that protections must be implemented throughout all aspects of relationships and interactions with vendors. If a company provides services to a PCI-compliant customer, they should ensure that payment data access is restricted to unique users who are entirely segregated from the service provider’s entire network, or must comply with the Council’s requirements throughout their organization.
If you have any questions about PCI Compliance please contact Nate Gravel, Director of the Information Security Practice at firstname.lastname@example.org or W. Jackson Schultz, Security Consultant at email@example.com.
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.