PCI DSS version 4 release coincides with Eckoh's compliance anniversary
By: Eckoh plc
Maintaining continuous compliance to PCI DSS is a major achievement. It requires dedication and expertise – not just once a year at the time of assessment but every day.
Nik Philpot, CEO at Eckoh comments, "This tremendous achievement is testament to the dedication, vigilance and hard work of Eckoh employees. There is no doubt that Eckoh's security and compliance credentials lead the sector and offer clients the most robust and reliable way to achieve and maintain PCI DSS compliance."
Things are about to change
With Card-Not-Present fraud set to reach £680m in the UK by 2021  as well as increasing regulation such as GDPR and MiFID II, it is timely that the PCI SSC will issue the fourth version of the DSS involving major changes to the standard.
Compensating controls won't do any longer
Dave Holliday, Global IT Director at Eckoh said, "What this essentially means is, with version 4, organisations will no longer be able to use compensating controls to help achieve PCI DSS compliance. Currently, if an organisation does not meet a DSS requirement it could use 'compensating controls' to define and manage business or technical constraints. The QSA does not test these but will agree if they consider them to be sufficient.
In DSS version 4 the validation method means that not meeting a DSS requirement will no longer be an option. Consequently, the organisation will have to define a way to meet the intent of the requirement and, together with the QSA, they will work out how to test it.
These changes are designed to give greater flexibility for organisations around the controls in use and it aligns with a risk-based approach and maintains the DSS as technology and industry-wide best practice."
Nik Philpot, CEO at Eckoh, continues, "The new standard will pose a huge challenge for many and we'd recommend working with an expert in contact centre security – such as Eckoh - to make sure any solution fully de-scopes the contact centre and minimises the ongoing management of compliance. As the leader in contact centre technology, we've a track record of creating innovative solutions that have helped evolve card-not-present payments. As a result, we have a unique portfolio of solutions to tackle the challenges the industry and our customers are facing."
 National Audit Office
For more information contact MediaResponseUK@
or visit http://www.eckoh.com