Since 2013, 14 billion data records have been lost or stolen. Only 4 per cent of these breaches were “secure”.

In this interview with the Council’s Global Head of Standards, Emma Sutcliffe addresses key questions about the RFC on the first draft of PCI DSS v4.0

PCI SSC has begun efforts on PCI Data Security Standard version 4.0 (PCI DSS v4.0). Industry Feedback will Shape PCI DSS v4.0

DataStealth is a paradigm-shifting solution that will significantly reduce the scope of your PCI Compliance audit by up to 95%. DataStealth removes payment card information from data and documents BEFORE it enters your network.

As a response to the growth of sophisticated threats, regulatory bodies have issued guidelines and standards to ensure necessary cybersecurity processes and controls are in place across the healthcare, financial services, and retail industries to minimize the impact of an attack.

Achieving compliance with GDPR, PIPEDA, or PCI is like reaching a destination, but of the three, only PCI includes a roadmap that leads directly to formal compliance through a linear, finite, and predictable process.

The minor changes in PCI DSS 3.2.1 reflect how existing requirements are affected once the effective dates and SSL/TLS migration deadlines have passed so that organizations can accurately report how their implementations meet these existing requirements after 30 June.

Being compliant does not necessarily equate to having a secure environment, and according to industry insiders, most if not all large organizations who have been breached in the recent past were in fact compliant with PCI-DSS at the time they were breached.

As of February 1, 2018, the following will become requirements for all organizations complying with the PCI DSS.

The EU General Data Protection Regulation (GDPR) will be enforced from next year, superseding the Data Protection Act (DPA)