{"id":2580,"date":"2013-08-19T00:00:00","date_gmt":"2013-08-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-dss-v-3-0-risk-assessment-frameworks-for-ecommerce-mobile-cloud-computing\/"},"modified":"2013-08-19T00:00:00","modified_gmt":"2013-08-19T00:00:00","slug":"pci-dss-v-3-0-risk-assessment-frameworks-for-ecommerce-mobile-cloud-computing","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-dss-v-3-0-risk-assessment-frameworks-for-ecommerce-mobile-cloud-computing\/","title":{"rendered":"PCI DSS V.3.0: Risk Assessment Frameworks for Ecommerce, Mobile & Cloud Computing"},"content":{"rendered":"

The PCI Security Standards Council recently issued a press release about anticipated changes to the PCI DSS (Payment Card Industry Data Security Standards) and PA-DSS (Payment Application Data Security Standard) as a preview for the changes in the third version of the standards to be released November 2013.<\/p>\n

Version 3.0 features even more changes than version 2.0 as a result of a three-year standard development lifecycle, meaning the council has been conducting industry research since 2010 for the latest revisions. The press release names a few key drivers for the update include:<\/p>\n

    \n
  1. Lack of general PCI DSS education and awareness<\/li>\n
  2. Weak passwords and authentication challenges<\/li>\n
  3. Third-party security challenges<\/li>\n
  4. Slow self-detection in response to malware and other threats<\/li>\n
  5. Inconsistency in assessments<\/li>\n<\/ol>\n

    According to Troy Leach, PCI SSC chief technology officer, \u201cPCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, mobile acceptance or cloud computing<\/a>.\u201d<\/p>\n

    \"PCI<\/p>\n

    For third-party security challenges, transparency into the PCI compliant cloud<\/a> can deter merchants that try to gain visibility into cloud systems and processes, meaning security can be an issue. A few ways you can gain more transparency with PCI hosting providers<\/a> include:<\/p>\n

      \n
    1. Check their PCI Report on Compliance (ROC)<\/li>\n
    2. Check their documented security policies and procedures<\/li>\n
    3. Verify which services are included in the PCI cloud hosting<\/a> package<\/li>\n
    4. Check that their employees are trained to the PCI standards<\/li>\n<\/ol>\n

      Read Four Ways to Gain Transparency with PCI Hosting Providers<\/a><\/em> for a full description of each method.<\/p>\n

      Other proposed updates to the current PCI DSS standard include:<\/p>\n