WiredTree, a provider of dedicated servers and VPS hosting, has issued an advisory reminding web hosting users about their responsibilities under the Payment Card Industry Data Security Standard (PCI DSS), version 3.0 of which comes into full effect on 1 January 2015.
It has been estimated that to be fully ready by January 2015, businesses should have started to implement the changes by June 2014; those who have not yet started implementing the changes have limited time remaining, according to WiredTree.
“While the changes to the PCI DSS requirements are not a whole-scale rewriting, there are changes to some requirements that may catch web hosting users unawares,” said Zac Cogswell, President of WiredTree. “At WiredTree, we’re fully prepared for the transition, but web hosting users handling credit card data have responsibilities under the requirements as well.”
Audits
Web hosting clients and e-Commerce retailers should be particularly focused on changes mandating that cardholder data users explicitly document which controls are managed by vendors and infrastructure suppliers and which are their own responsibility. A full list of the changes can be reviewed in the PCI DSS: Summary Of Changes Document.
For cardholder data users with audits at the beginning of next year, who have not begun the transition to the new standard, time is running out to properly implement the changes. For those with audits later in the year, work should start soon on preparing new processes.