PCI DSS Security Deadlines Are Extended - But Don't Stop Running!

Posted on 5/26/2016 in PCI DSS 3.1, PCI 3.1, PayPal, UPS, Authorize.NET, FedEx

The maddening PCI Compliance race has been extended a little longer - just before the finish line. But you need to stay in the race!!

Businesses have been racing against time to complete the PCI Compliance update to their eCommerce sites. Deadlines as close as May 31, 2016 have been threatening businesses that must increase online security or deal with their eCommerce site features shutting down, lost sales and potential fines. But at the last hour, while many businesses have been rushing to make the necessary changes (and in some cases, exceeding budgets), it’s all been changed!

When a company transmits data such as credit card or private information securely over the Internet, the data is encrypted to protect it from exposure. The Payment Card Industry Security Standards Council increased security standards dramatically in its April 2015 publication of the PCI DSS 3.1 standard, which set a final due date of June 30, 2016 for implementing the requirements (like adding support for TLS 1.2). Service companies such as shipping providers and credit card payment gateways have set their own deadlines to keep themselves compliant. These changes are forcing eCommerce platforms and hosting environments to be upgraded in order to work with these third-party providers.

The PCI Council has extended the deadline to June 30, 2018, at which time these standards are to be met. The third-party providers have followed suit in extending their deadlines, enabling everyone to breathe a little easier... for now!!

Here are the new deadlines that have been announced so far:

| Company | Update | Original Deadline | New Deadline |
|---|---|---|---|
| UPS (Shipping Provider) | End support for TLS 1.0 | May 31, 2016 | No future date set |
| PayPal (Online Payment) | Must use TLS 1.2 | June 17, 2016 | June 30, 2017 |
| Authorize.Net (Credit Card Gateway) | Must use TLS 1.2 | Early 2017 | No future date set |
| FedEx (Shipping Provider) | Must use TLS 1.2 | March 2016 | August 1, 2016 |
| PCI DSS 3.1 (Standards Council) | Must use TLS 1.2 | June 30, 2016 | June 30, 2018 |

PCI SSC has also suggested in its Q&A not to wait to migrate to the new protocols. PCI SSC stated, “The new date of June 2018 offers additional time to migrate to more secure protocols, but waiting is not recommended…”

The common message online is “don’t wait” to make these changes. The deadlines are still close at hand and updates can take much more time than expected. Additionally, pushing the deadlines out doesn’t lessen the security risk. Older protocols such as SSL, TLS 1.0, and TLS 1.1 have been breached in the past. The most secure protocol available today is TLS 1.2. So don't quit the race, just take a breath and keep going.

Photo Credit: 
Lovejoy Photography and Heritage Maker - Mary Beth Lovejoy - http://www.lovejoy-photography.com 

