The first big change for payments in 2015 took effect on January 1st, when the deadline to meet PCI Data Security Standards (DSS) version 3.0 requirements passed. The Fraud Practice provides a quick overview of what has changed and what that means for organizations that must adhere to these standards.
The third version of the PCI Data Security Standards both expands on existing requirements and creates new ones. The number of PCI requirements increased by more than 25 percent from version 2.0, and there are now 408 requirements in total. The changes include documenting more procedures around fulfilling requirements, more clearly defining PCI responsibilities in vendor contracts, enhanced penetration testing, and maintaining more of a year-round approach to data security rather than a once-a-year, check-the-box mentality.