PCI DSS will very soon be at version 3.0, so what changes can we expect? Storefrontbacktalk published an article on the coming changes. Some of them are:
- Searching For Cardholder Data. This will require merchants to search for cardholder data on all their networks and systems. The search does not have to be automated, which may cost a lot; a formal and repeatable manual process is enough.
- One-Way Hashing Of PANs. This will require merchants to use either truncation (deleting all but the first six digits and last four digits) or a secure one-way hash that cannot be reversed.
- Tokenization and End-to-End Encryption. The PCI Council is expected to produce position papers that provide clarifications and guidance on a range of emerging technologies like tokenization and end-to-end encryption. If you are interested in what tokenization and end-to-end encryption are before these come out, read on.
End-to-end encryption ensures that all data in transit, from the source where the card data originates to the destination where the card data gets stored, is encrypted. This may mean all the way from the merchant's POS machine to the server at the processing authority, or up to the point where the merchant's perimeter (or, for that matter, the merchant's liability) ends.
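
The first two items in the list above, as an added example that is not from the Storefrontbacktalk article or the PCI Council: a repeatable search that flags Luhn-valid card numbers in text and reports each hit only in truncated (first six, last four) and one-way hashed form. The candidate regex, the choice of HMAC-SHA256 with a separately stored key, and the sample log are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep the first six and last four digits, mask everything in between."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash; assumes the key is stored apart from the hashed data."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def find_pans(text: str, key: bytes):
    """Yield (line_no, truncated, keyed_hash) for each Luhn-valid candidate."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drops order numbers and other digit runs
                yield line_no, truncate_pan(digits), hash_pan(digits, key)


# Constructed sample log; the card values are published test numbers, not real accounts.
SAMPLE = """\
2013-01-05 order=1001 card=4111111111111111 status=ok
2013-01-05 order=1002 ref=1234567890123456 status=ok
2013-01-06 order=1003 card=5500-0000-0000-0004 status=declined
"""

if __name__ == "__main__":
    for hit in find_pans(SAMPLE, key=b"constructed-demo-key"):
        print(hit)
```

The 16-digit `ref` value on the second line matches the pattern but fails the Luhn check, so it is not reported.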