PCI DSS version 4 release coincides with Eckoh's compliance anniversary

HERTFORDSHIRE, U.K. - Oct. 25, 2019 - PRLog -- Eckoh plc (AIM: ECK) have achieved a milestone event, its tenth year of compliance to the Payment Card Industry Data Security Standard ("PCI DSS") at level 1. Simultaneously, the PCI Security Standards Council ("PCI SSC") has announced the release of the first draft of DSS version 4, which contains some significant changes.

Maintaining continuous compliance to PCI DSS is a major achievement. It requires dedication and expertise – not just once a year at the time of assessment but every day.

Nik Philpot, CEO at Eckoh comments, "This tremendous achievement is testament to the dedication, vigilance and hard work of Eckoh employees. There is no doubt that Eckoh's security and compliance credentials lead the sector and offer clients the most robust and reliable way to achieve and maintain PCI DSS compliance."

Things are about to change

With Card-Not-Present fraud set to reach £680m in the UK by 2021 [1] as well as increasing regulation such as GDPR and MiFID II, it is timely that the PCI SSC will issue the fourth version of the DSS involving major changes to the standard.

Compensating controls won't do any longer

Dave Holliday, Global IT Director at Eckoh said, "What this essentially means is, with version 4, organisations will no longer be able to use compensating controls to help achieve PCI DSS compliance. Currently, if an organisation does not meet a DSS requirement it could use 'compensating controls' to define and manage business or technical constraints. The QSA does not test these but will agree if they consider them to be sufficient.

In DSS version 4 the validation method means that not meeting a DSS requirement will no longer be an option. Consequently, the organisation will have to define a way to meet the intent of the requirement and, together with the QSA, they will work out how to test it.

These changes are designed to give greater flexibility for organisations around the controls in use and it aligns with a risk-based approach and maintains the DSS as technology and industry-wide best practice."

Nik Philpot, CEO at Eckoh, continues, "The new standard will pose a huge challenge for many and we'd recommend working with an expert in contact centre security – such as Eckoh - to make sure any solution fully de-scopes the contact centre and minimises the ongoing management of compliance. As the leader in contact centre technology, we've a track record of creating innovative solutions that have helped evolve card-not-present payments. As a result, we have a unique portfolio of solutions to tackle the challenges the industry and our customers are facing."

[1] National Audit Office
For more information contact MediaResponseUK@eckoh.com
or visit http://www.eckoh.com
Email:***@eckoh.com Email Verified
Tags:Pci Dss
Location:Hertfordshire - Hertfordshire - England
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
Eckoh plc News
Most Viewed
Daily News

Most Viewed
Daily News
PTC News

Oct 25, 2019 News

Like PRLog?
Click to Share