PCI compliance will now demand a minimum of TLS v1.1

It's easy to become complacent when it comes to PCI compliance. However, it's important to remember that just because you've got your system up to date, that doesn't mean hackers aren't still working hard to figure out new ways of accessing sensitive information. Not only will making sure you're up to date with the latest PCI DSS ensure your systems are safe, but it will also help your company to avoid any fines that will come about as a result of lax security.

The deadline for updating your systems to meet PCI DSS regulations is February 2018, so it's important for companies to start making updates now. As things stand currently, the rules in PCI DSS 3.2 are considered strongly advisable for companies, but from the February deadline onward, the requirements in 3.2 will become legally mandatory.

So, as a business that needs to consider PCI DSS, here are just a few of the changes to the requirements that you'll need to bear in mind ahead of deadlines in 2018:

Authentication changes

Previously, under PCI DSS version 3.1, your company only needed to accommodate two-factor authentication; this is changing in February. However, it's important to note that this is not too drastic a change: it simply means that businesses must be prepared for more than just two forms of authentication.

Included in this change is the fact that multi-factor authentication will now be a requirement for non-console administrative access. This is in addition to the current requirements, which only extend to remote access for the card holder environment.

TLS v1.1 is now a minimum requirement

Encryption methods that came before TLS v1.1 are no longer considered viable. The new PCI DSS 3.2 requirements state that by June 2018, all companies must have migrated to an encryption method that is either TLS v1.1 or equivalent. It's a good idea to consider the more recent TLS v1.2, as it's likely that industry requirements will soon shift to v1.2.

Using a recent encryption system isn't just important for complying with the new PCI DSS, however. Without recent technology that hackers are yet to understand, you are leaving your business and your customers vulnerable to fraud. By updating your systems generally, you can help to avoid this. 

Being DSS/PCI compliant means that we can no longer support Internet Explorer 10. As it stands, Internet Explorer 10 does not support TLS v1.2, which is the minimum requirement for DSS/PCI compliance. 

What is PCI compliance?

Before answering this burning question, it's helpful to begin by looking at what PCI (and its counterpart DSS) stands for — Payment Card Industry Data Security Standards.

These are a set of requirements that are to be followed by all companies and merchants accepting payment from customers via credit or debit card. If you're a business owner and you accept, process, transmit or store cardholder data, then you're required to comply with PCI Security Standards to ensure a secure payment card environment. PCI compliance is expected of all Australian businesses, irrespective of their size.

iFactory is a leading digital agency located in Brisbane, Australia. With years of experience in the industry, we help satisfied clients with their digital queries every day. If you need help ensuring complete PCI DSS compliance in line with the new standards, or with any other element of ecommerce systems integration, why not get in touch with us today? A member of our friendly team will be happy to tell you more about the services we offer or answer any questions you might have.
