If you are a merchant who has outsourced PCI DSS responsibilities to a third party, it may be prudent to ascertain how the provider is planning to meet the requirements coming into effect by the end of 31 January 2018. Whilst this date may seem reassuringly distant, planning and implementing the changes could take a significant amount of time – and it is never too early for merchants or providers to consider how to meet these new requirements.

The new requirements in PCI DSS 3.2 necessitate the utilisation of multi-factor authentication to offer more comprehensive identity management. It is vital that affected merchants utilise the 18 months until the requirement comes into effect to comprehensively implement multi-factor authentication so it does not impact the customer journey or usability.

Staying abreast of upcoming changes in advance of them becoming mandatory can accommodate smoother progression, and ensure future updates can be met with minimal fuss. Merchants should use the time before 31 January 2018 to ensure user account administration is centralised whilst consolidating access methods and entry points to CDE systems.

If you are working with a third-party provider that offers cardholder data handling and processing, we’d recommend staying in continuous contact over the coming year and a half – to ensure all requirements are met when they come into effect at the start of 2018.

Tom Eggleston, Managing Director of ProofID, explains:

“With modern multi-factor authentication technology, it’s never been easier to make businesses more secure, and the simplicity of such products will persuade businesses to implement control and access measures. Standardised security measures authorised by a central council will ensure a more consistently secure and robust service for all users and customers – bringing all service providers in line with a raised minimum requirement.”

PCI DSS v3.2 was released in April 2016, becoming the eighth information standard for organizations handling branded credit cards. Administered by the Payment Card Industry Security Standards Council, the first PCI DSS version was released in December 2004, stipulating a 12-point requirement list to protect cardholder data, and build a secure network.

If you are concerned your current provider may not be prepared for PCI DSS v3.2, the ProofID team may be able to help. For more information about how we can implement multi-factor authentication and create a robust user identification process, visit our homepage or call our dedicated team on 0161 906 1002.