Information Security Leader, Author, Instructor and Speaker

Get Ready for PCI DSS 3.1!

Posted on July 10, 2015 in Articles | by

Get ready, everyone – the next version of PCI DSS is on the books! If it seems like you’re hearing that news fairly often, you’re not alone. In April, the Payment Card Industry Security Standards Council (PCI SSC) officially released version 3.1 of PCI DSS with an immediate effective date. That release came a few months before June 30, 2015, the final phase-in date for the PCI DSS 3.0 requirements.

The most significant change found in PCI DSS 3.1 is the removal of SSL and early versions of TLS (version 1.0 and some implementations of version 1.1) from the list of approved encryption standards. This is a direct response to last October’s discovery of the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability in SSL. Following industry best practices, PCI SSC is now dramatically curtailing the use of outdated encryption technology with an eye toward a complete ban in the future. Other changes in the new version of the standard are minor updates to clarify language and testing procedures for existing requirements.

Read the full article: Get Ready for PCI DSS 3.1!

Published July 2015 on SearchSecurity.com
