PCI Council says bye-bye to big bang standards upgrades

The PCI Security Standards Council is inching towards a “March/April timeframe” release of version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS). The headline item in the update will be the revised and rather later dates for migration away from Secure Sockets Layer (SSL)/Early Transport Layer Security (TLS …

  1. wyatt

    Ah, PCI-DSS. After all these years of it being part of card payment processors' lives, I still visit sites and work on equipment which doesn't have the basic requirements applied to it.

    1. Gerhard Mack

      Been there, still have a copy of the report saying I passed the PCI-DSS audit. I cringe at the security practices I come across. My all-time favorite was having to explain to a company I was doing business with why prefilling my payment form with my CCV2 number was a very bad idea.

  2. Francis Boyle

    Seriously

    I spent a non-negligible amount of time trying to work out why you'd want SSL on an internal bus. Maybe it's time to move to FLA (four letter acronyms).

    1. Chris Harden

      Re: Seriously

      You don't, you want TLS.

      And because, sniffing. I pop your DMZ and start listening to traffic on your internal networks; you don't want me grabbing card numbers out of your switches, you want to force me to have to dig deeper and go after your database.

  3. Lunatik

    The number of good reasons for PCI-DSS to exist is eclipsed only by the number of project non-compliance/exception sign-offs about it.
