Any business that processes payment card information is required to comply with PCI DSS security standards. And with the support of biometric technology from Digitus, IT managers can swiftly attain relevant information pertaining to access control and ensure regulatory compliance.
PCI Council updates data security measure
The PCI Security Standards Council recently announced that it has revised its cardholder data security standard to better account for existing vulnerabilities. The group noted that the revision focuses on encryption protocol of the Secure Sockets Layer, which hasn't been durable enough to provide consistent communication security in a network.
The National Institute of Standards and Technology deemed the previous version of the standard as unfit for comprehensive security of payment data, ushering in the addendum. While the revisions have already been implemented by the council, a sunset period ending on June 30 gives data center managers enough time to update their systems.
Stephen W. Orfei, the council's general manager, said that the group is committed to the most effective standards that can help prevent data breaches in regards to payment data. He noted that industry and market feedback has helped support the ongoing development of these standards, and added that the update – PCI DSS 3.1 – provides organizations with a useful approach to infrastructure security.
"With the support of biometrics, IT managers can ensure regulatory compliance."
The malleable nature of the security update
Troy Leach, the chief technology officer of the PCI Security Standards Council, spoke with eWEEK about the necessity of a revision for the payment data measure. He said that the Security Sockets Layer protocol wasn't getting the job done, and this problem couldn't be solved with a quick fix. Meanwhile, the widespread use of this encryption method only amplifies the need for an immediate update to version 3.1.
"The goal is to encourage merchants and others that haven't yet addressed the Secure Sockets Layer and early Transport Layer Security issues to be aware of the risk and start addressing the problem sooner, rather than later," Leach told the news outlet. "We understand it takes time to migrate, but it's critical that in the meantime organizations understand the potential risk to their environment so they can mitigate them as much as possible."
The publication reported that the council has already received encouraging feedback from tech industry representatives about the security revision. Don Brooks, a senior security engineer with Trustwave, a data protection agency, told the source that the update meets expectations and advises organizations to quickly follow suit. Biometric technology would be a great way to start.