cgcompliance - kn

Recent advancements in technology have, in many ways, made our on-the-go lives easier and more flexible. But at the same time, our private data has become more and more vulnerable to data breaches, , making it even more important to understand PCI DSS compliance requirements.  

That’s because of consumer preference, the frequency of online transactions, and the fact that private data storage regulations are only recently beginning to come under the magnifying glass and mature.

What you should know regarding the key changes to SOC 2 reporting (TSP Section 100)

Any business that stores, transmits, or processes payment card data has a responsibility to ensure that those transactions are secure. The Payment Card Industry Data Security Standard (PCI DSS) has a path for that - it's called the PCI compliance checklist.

The PCI DSS issued a set of 12 high-level requirements known as the PCI compliance checklist. These requirements apply to merchants of all sizes that accept consumer credit and debit cards. At its core, the PCI compliance checklist is designed to protect consumer card data from fraud and data breaches. Although the requirements mandated by PCI DSS are not law, there are hefty fees and fines for non-compliance.

Recently implemented changes to the PCI Data Security Standard (DSS) include MFA requirements for companies to protect against breaches that could compromise payment card data.

 The European General Data Protection Regulation (GDPR) has transformed the way businesses think about protecting private data - not just in the EU, but worldwide. Organizations of all sizes and types, and cloud service providers small and large, must adjust to the notion that people now fully own information about themselves. I recently sat down with Patrick Townsend, Founder and CEO of Townsend Security, a company that specializes in data encryption and key management, to discuss GDPR, the right of erasure (also known as the right to be forgotten), and how to avoid bad key management practices that will result in GDPR compliance failures.

The looming PCI DSS 3.2 update deadline could present you with challenges or opportunities to protect your data and comply with regulations, depending on your current preparedness.