The Payment Card Industry Data Security Standard (PCI DSS) is an established standard that defines a set of policies and procedures designed to improve the security of payment card transactions and protect cardholders against misuse of their data.
PCI DSS certification attests that payment card information is protected according to requirements set by the PCI Security Standards Council (PCI SSC). These include standard best practices such as installing firewalls, encrypting data transmissions, and running anti-virus software.
PCI SSC released PCI DSS version 3.2.1, a minor revision of the standard that companies around the world use to protect payment card information before, during, and after a sale.
PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and SSL/early TLS migration deadlines that have already passed. It introduces no new requirements, so PCI DSS 3.2 remains valid through 31 December 2018 and is retired as of 1 January 2019.
PCI SSC Chief Technology Officer Troy Leach says:
“It is critically important that organizations disable SSL/early TLS and upgrade to a secure alternative to safeguard their payment data.”
SSL and early TLS have several well-known vulnerabilities, e.g. Heartbleed, BEAST, POODLE, and CRIME, which make them very risky for protecting data. The modifications include:
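As an added illustration of the "disable SSL/early TLS" point above (this is not code from the original article or from PCI SSC), the following Python script audits nginx and Apache TLS configuration for the protocol versions the standard asks organizations to turn off, and shows a weak configuration beside its corrected form. The sample configurations are constructed for the example; treating Apache's `all` keyword as every version except SSLv2, and flagging TLS 1.1 alongside SSLv2/SSLv3/TLS 1.0, are assumptions made here rather than statements from the page.

```python
import re

# Versions PCI DSS treats as "SSL/early TLS": SSLv2, SSLv3 and TLS 1.0.
# TLS 1.1 is flagged too (assumption: current guidance deprecates it as well).
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Version names as written in nginx ssl_protocols / Apache SSLProtocol directives.
ALL_KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def nginx_protocols(config_text):
    """Protocols enabled by the last (winning) uncommented `ssl_protocols` directive.

    Returns None when the directive is absent (nginx then uses its built-in default,
    which must be checked separately).
    """
    enabled = None
    for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", config_text, re.M):
        enabled = set(m.group(1).split())
    return enabled


def apache_protocols(config_text):
    """Evaluate the last uncommented Apache `SSLProtocol` directive.

    Tokens are `all`, `+Name` / `Name` (enable) or `-Name` (disable), applied left
    to right. `all` is treated as every version except SSLv2 (assumption; the exact
    expansion depends on the httpd build).
    """
    enabled = None
    for m in re.finditer(r"^\s*SSLProtocol\s+(\S.*)$", config_text, re.M | re.I):
        enabled = set()
        for tok in m.group(1).split():
            op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
            names = set(ALL_KNOWN) - {"SSLv2"} if name.lower() == "all" else {name}
            if op == "+":
                enabled |= names
            else:
                enabled -= names
    return enabled


def weak_enabled(enabled):
    """Sorted list of enabled versions that PCI DSS requires to be disabled."""
    if enabled is None:
        return []  # nothing explicit to judge; the server default still needs review
    return sorted(enabled & WEAK)


def audit(server, config_text):
    """Return (passes, weak_versions) for an 'nginx' or 'apache' config text."""
    parser = {"nginx": nginx_protocols, "apache": apache_protocols}[server]
    weak = weak_enabled(parser(config_text))
    return (not weak, weak)


# Constructed sample configurations (not taken from any real deployment).
NGINX_BEFORE = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # early TLS still offered
}
"""
NGINX_AFTER = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;               # corrected
}
"""
APACHE_BEFORE = "SSLEngine on\nSSLProtocol all -SSLv2\n"
APACHE_AFTER = "SSLEngine on\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n"

if __name__ == "__main__":
    for label, server, text in [("nginx before", "nginx", NGINX_BEFORE),
                                ("nginx after", "nginx", NGINX_AFTER),
                                ("apache before", "apache", APACHE_BEFORE),
                                ("apache after", "apache", APACHE_AFTER)]:
        ok, weak = audit(server, text)
        print(f"{label:14} {'PASS' if ok else 'FAIL'} {weak}")
```

Running the script prints FAIL for both "before" configurations, naming SSLv3, TLSv1 and TLSv1.1, and PASS for the corrected ones. A configuration audit only shows what the server is told to offer; the negotiated versions on the live endpoint should also be confirmed with a TLS scanner after the change is deployed.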