Payment Card Security Support Consultation Offered by VIMRO LLC
Reston, VA, January 5, 2016 (Newswire.com) - The Payment Card Industry Security Standards Council (PCI SSC) has just extended the deadline by which businesses utilizing payment cards must switch to secure systems.
PCI SSC Extends Migration Date for Unsecure SSL/TLS Data Security Versions.
The new date of June 2018 offers additional time to migrate to more secure protocols, but waiting is not recommended. The existence of the POODLE and Heartbleed exploits, among others, prove that anyone using SSL and early TLS risks being breached.
Michael Horsch Fizz, Principal Analyst and CBDO
On December 18, 2015, the PCI SSC issued a notification [1] extending the original switch-by deadline of June 2016, to June 2018 for all businesses that store, process or transmit cardholder data (or that allow third parties access on their behalf). This is an important opportunity for organizations which still process card payments using vulnerable versions of SSL and TLS.
In addition to the date-extension notification, a Bulletin on Migration [2] and a webinar [3] were released, providing answers to common questions about timelines and requirements. These resources provide great information, and VIMRO encourages you to follow the advice given as soon as possible. As the Bulletin on Migration states:
The new date of June 2018 offers additional time to migrate to more secure protocols, but waiting is not recommended. The existence of the POODLE and Heartbleed exploits, among others, prove that anyone using SSL and early TLS risks being breached.
Clearly, while this extension allows organizations more time to migrate, it also allows cyber criminals more time to exploit companies’ vulnerabilities. VIMRO warns that keeping your data secure is not something that should be taken lightly, or put off for later. It is critical to your company’s security and reputation that you move away from these weak protocols as soon as possible - the longer your organization waits, the higher the impact of a breach will be. For example:
- lost revenue
- lost reputation with customers
- high costs to mitigate the incident
- censure from other businesses, and/or media for not switching to a secure system in a timely manner
VIMRO LLC is offering consultations to help organizations avoid the high costs of a payment card data breach, and take swift advantage of the extension offered by the PCI SSC. Contact VIMRO's PCI QSA Team at 800-272-0019 EXT 6 to schedule a phone consultation, and make your data secure today.
ABOUT VIMRO, LLC
As a PCI QSA, VIMRO LLC is the trusted cyber security partner to clients nationwide by providing the most relevant, validated security and networking solutions in the industry. VIMRO’s foundation is based on an exclusive community of vetted industry experts who are empowered by a culture of achieving measurable outcomes and results. In the U.S., visit VIMRO, LLC at www.vimro.com.
[1] PCI SSC Revision Date Press Release for Migration from Vulnerable Versions of SSL and TSL: https://www.pcisecuritystandards.org/pdfs/15_12_18_SSL_Webinar_Press_Release_FINAL.pdf
[2] Bulletin on Migration: http://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
[3] Migrating from SSL and Early TLS Webinar: http://info.pcisecuritystandards.org/webinar-migrating-from-ssl-early-tls
Share:
Tags: PCI, PCI QSA, Risk, SSL/TLS