
PCI DSS v. 3.2: New Requirements Coming to Protect Your Customers’ Wallets

By Courtney K. Stout and Bryan Thompson
07.12.16

The Payment Card Industry (PCI) Security Standards Council (PCI Council) released Version 3.2 of the PCI Data Security Standard (PCI DSS), containing several new requirements, intended to protect customer payment card information, for merchants, acquirers, and other entities that accept, transmit or store cardholder data. The new release focuses on mitigating current vulnerabilities identified in data breach reports, including those presented by third-party service providers, authentication protocols, and outdated encryption. The changes are also intended to help companies maintain and effectively test compliance between annual PCI assessments. Among its changes, Version 3.2 will require multi-factor authentication for administrative access to the cardholder data environment, impose several new requirements specific to service providers, and extend the Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadline for non-service providers to June 30, 2018.

Version 3.2 will officially replace the current PCI DSS Version 3.1 on October 31, 2016, but many of Version 3.2’s new requirements will be deemed “best practices” until compliance becomes mandatory on February 1, 2018. While the compliance deadline may seem far away today, some of the required changes – such as negotiating new contracts or replacing authentication systems and processes – may take a considerable amount of time to implement. Companies should use this two-year window to review their security practices and make all necessary changes to guarantee adherence once Version 3.2 goes live, and to avoid potential non-compliance fines from the payment card brands.

Please click here to read our in-depth analysis of the PCI DSS Version 3.2 and the impact its changes may have on your business, developed in conjunction with and published by NetDiligence, an enterprise-level cyber risk assessment and data breach services company.

©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.