PCI DSS 3.1 Changes – A 60 Second Guide

What’s the main change in PCI DSS 3.1?

The way we transmitted data securely on the internet using SSL encryption is no longer considered secure due to recently found weaknesses. As a result, the PCI DSS has been updated to remove SSL from its definition of Strong Encryption which is required to keep data safe.

What should we do?

Disable SSL entirely across all systems, and update your applications to use the latest encryption protocol, TLS v1.2. More information on how to do this can be found in the official PCI SSC information supplement.

When’s the Deadline?

In the interests of security, you should update to the latest PCI DSS standard immediately as any data you transmit using SSL is at risk. Currently, all vendors must comply with PCI DSS 3.2 requirements. Additionally, new standards for PCI DSS 4.0 are on the horizon and will be required by 2025.