What You Need to Know: PCI DSS Standards 2.0 vs 3.0
Posted: Jul 20, 2014
PCI DSS stands for Payment Card Industry Data Security Standard. It is meant to improve the security of cardholder data and to encourage the consistent adoption of data security measures globally. It began as a way to protect cardholder data, and the organizations that handle this data maintain a firewall to guard it.
The firewall lets them block unauthorized traffic from reaching cardholder data, and the security systems behind it are regularly tested and updated. What more could you ask for? In this article we look at which version is the better one: PCI DSS version 2.0 or version 3.0?
2.0 VS 3.0
Version 1.2.1 was updated to version 2.0 in October 2010. Version 2.0 was a stronger version of its predecessor: among its benefits were guidance for assessors and an updated assessment process. Further refinements followed until version 3.0 was released in November 2013.
PCI DSS version 3.0 soon offered more than version 2.0 did, with many different updates. Version 3.0 added a new heading that separates the scoping guidance from the sampling guidance. It also added a whole new section that guides businesses on building security into everyday business activities; these business-as-usual (BAU) activities help maintain PCI DSS compliance. None of this existed in version 2.0.
Pros and Cons of 3.0
While PCI DSS version 3.0 brings many new and interesting changes, it also has some downsides. What are they? That is a good question, and one we are about to look into. The most obvious is that there are many requirements, and they are constantly evolving.
That is a con. Change is something everybody has to adjust to, and it can be a little irritating. The pro is that it is change for the better. These changes are meant to improve the effectiveness of PCI compliant hosting and, in turn, protect cardholder data. Sometimes change is necessary. As with the earlier versions 1.2 and 2.0, version 3.0 keeps the same framework with subtle improvements.
Another pro is one of the newest features of version 3.0: a new requirement that addresses broken authentication and session management. This is a useful tool for protecting cardholder data, and protecting the data of its users is what PCI DSS is all about.
Common Abbreviations, Terms, and Acronyms
AAA is an acronym for the protocol of "authentication, authorization, and accounting". It covers verifying a user's identity, deciding what that user is permitted to do, and keeping account of how much network resource they use.
Account data contains all the information and sensitive data specific to your account. Your PAN, or Primary Account Number, may be part of your account data as well.
Anti-virus is a fairly clear term. Everybody knows what it is, but we will explain it anyway. Anti-virus is a firewall used to protect cardholder data; the software can detect and remove malicious or harmful material.
We mentioned BAU earlier in this article. BAU stands for Business As Usual: the routine business operations that happen on a normal, daily scale. PCI DSS expects its controls to run on this kind of regular schedule. The acronym says it all.
A cardholder is the customer who is issued a payment card, which authorizes that individual to use the card at any time. Cardholder data is related to this. Cardholder data is the full set of information associated with your Primary Account Number (PAN); it also contains the customer name, expiration date and service code.
Issuer is another of the common terms used with PCI DSS. The issuer is the entity that sends the payment card to the customer. It also deals with banks and other financial matters. A sometimes difficult but necessary job.
IPSEC stands for Internet Protocol Security. It is the usual method used to guard IP communications; by guarding these communications it helps defend against viruses and other intrusion-related issues. It works by encrypting and/or authenticating any and all IP communications.
Old or New? Which is better?
Is one really better than the other? Both PCI DSS 2.0 and 3.0 have been expanded and improved upon, and everybody has their likes and dislikes about each. As with anything, though, users have to get used to the newest version. It is the one they will be using until it is updated and another version is released.