PCI DSS Version 3.2.1 Released: What You Need to Know

On May 17, 2018, the Purchase Card Industry Security Standards Council (PCI SSC) released version 3.2.1 of its PCI Data Security Standard (PCI DSS). Founded in 2004 by Visa, MasterCard, Discover, and American Express, the PCI SSC produces the “best practices” for enhancing the security of payment card and cash card exchanges, as well as ensuring consumer protection against abuse of personal data. This new version replaces v3.2 and remains valid through December 31, 2018. The primary purpose of this update is to amend phrasing in PCI DSS v3.2 to eliminate confusion around effective dates for requirements introduced in that version.

Importantly, v3.2.1 also seeks to clarify the migration requirements surrounding the Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) technologies. Overall, these changes are intended to reflect how existing requirements are affected once the effective dates and the SSL/TLS deadlines have passed, allowing organizations to accurately report how their implementations meet the existing requirements after June 30, 2018. The changes include:

  • Removal of notes referring to an effective date of February 1, 2018 for applicable requirements, as this date has passed.
  • Updates to applicable requirements and Appendix A2 to reflect that only point-of-sale point-of-interaction (POS POI) terminals and their service provider connection points may continue using SSL/early TLS as a security control after June 30, 2018.
  • Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario.

Further, the updates in v3.2.1 do not affect the Payment Application Data Security Standard (PA-DSS), which remains as implemented in v3.2.

To see a full summary of changes from v3.2 to v3.2.1, follow this link: https://www.pcisecuritystandards.org/documents/PCI_DSS_Summary_of_Changes_3-2-1.pdf?agreement=true&time=1526911748445

To view the entirety of v3.2.1, click here: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1526911657691
