The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with PCI DSS 3.0. While the new version of the standard went into effect January 1, 2014, merchants have the option to certify compliance under the old version throughout 2014. When the calendar page turns, this option goes away and all merchants must validate compliance with PCI DSS 3.0. Are you ready for the change? In this tip we take a look at three of the major changes in PCI 3.0 and explain the steps you can take to bring your organization into compliance on time.

As PCI DSS is a contractual obligation, rather than a law, the standard does not directly apply to entities that have not entered into credit card merchant agreements. However, most organizations rely upon services provided by others for some portion of their credit card processing. PCI DSS extends to these entities by considering them as service providers and requiring that merchants enter into written agreements with any service providers that store, process or transmit credit card information on their behalf. These written agreements must require that service providers comply with the provisions of PCI DSS.

Read more: The final countdown to PCI DSS 3.0 mandatory implementation

Published September 28, 2014 on SearchSecurity.com