PCI Compliance – Deadline Moved

By /

Organizations Using SSL and Early TLS Encryption Must Change to a secure version of TLS (currently 1.1 or Higher) by June 2018

WAKEFIELD, Mass. Following significant feedback from the global PCI community and security experts, the Payment Card Industry Security Standards Council (PCI SSC), a global forum for the development of payment card security standards, today announced a change to the date that organizations who process payments must migrate to TLS 1.1 encryption or higher. The previous date of June 2016 has been moved to June 2018.

The original deadline date for migration, June 2016, was included in the most recent version of the PCI Data Security Standard, version 3.1 (PCI DSS 3.1), which was published in April of 2015. The new deadline date, June 2018, will be included in the next version of the PCI Data Security Standard, which is expected in 2016.

“Early market feedback told us migration to more secure encryption would be technically simple, and it was, but in the field a lot of business issues surfaced as we continued dialog with merchants, payment processors and banks,” said Stephen Orfei, General Manager, PCI SSC. “We want merchants protected against data theft but not at the expense of turning away business, so we changed the date. The global payments ecosystem is complex, especially when you think about how much more business is done today on mobile devices around the world. If you put mobile requirements together with encryption, the SHA-1 browser upgrade and EMV in the US, that’s a lot to handle.

And it means it will take some time to get everyone up to speed. We’re working very hard with representatives from every part of the ecosystem to make sure it happens as before the bad guys break in.”

“Some payment security organizations service thousands of international customers all of whom use different SSL and TLS configurations,” said Troy Leach, Chief Technology Officer, PCI SSC. “The migration date will be changed in the updated Standard next year to accommodate those companies and their clients. Other related provisions will also change to ensure all new customers are outfitted with the most secure encryption into the future. Still, we encourage all organizations to migrate as soon as possible and remain vigilant. Staying current with software patches remains an important piece of the security puzzle.” In addition to the migration deadline date-change, the PCI Security Standards Council has updated:

A new requirement date for payment service providers to begin offering more secure TLS 1.1 or higher encryption  A requirement for new implementations to be based on TLS 1.1 or higher. An exception to the deadline date for Payment Terminals, known as “POI” or Points of Interaction.

To answer questions about the migration deadline date-change and other requirement updates, the PCI Security Standards Council has recorded a webinar that includes the National Institute of Standards and Technology (NIST), which originally reported the vulnerabilities in SSL and early versions of TLS in 2014. Expert speakers from the Assessor community, who review and grade organizations on compliance with payment security requirements, are also on the webcast. In addition, a Bulletin on Migration has been created and is available for download from the PCI Security Standards Council website.

Merchants are encouraged to contact their payment processors and / or acquiring banks for detailed guidance on upgrading their ecommerce sites to the more secure encryption offered by TLS 1.1 or higher.

Contact Us today to discuss how Acorn Interactive can help your business grow.

The Right Strategy Can Pay Big Dividends.

The highly complex, multi-faceted business of product manufacturing is enough to make the average executive’s head spin. It’s little wonder, then that management in this sector leave a lot of the marketing to the distribution channel and, as a result, sales and brand value can suffer.

Your corporate website can play a major role in growing and reinforcing your company’s brands. The decision to choose one brand over another is frequently preceded by research – usually undertaken by the customer on one or more websites that may or may not include that of the manufacturer.

Therein lies the problem.

If the manufacturer’s website is not the active leader in search engine positioning and communicating the brand, then it by default, the task falls to its distributors, resellers, bloggers and even the competition. As a result the brand can become diluted, inconsistent and fall into the trap of differentiation by price alone.

The manufacturers website can have an enormous influence on any manufacturer’s sales and support ecosystem. In fact, it can literally reshape the way manufacturer’s products are perceived, priced, purchased, distributed and supported.

Manufacturers Have Many Special Requirements that Traditional Websites Fail to Address

Manufacturers’ websites also vary dramatically depending on the products and services offered and whether brands are consumer or business targeted (B2c or B2B). Many manufacturers also require consulting and creative services to correctly align their brands with the right target markets using appropriate brand communications.

In addition, existing customer relationships also rely on the manufacturer to provide a higher level of customer service based on price-points, specific service levels, etc.

Here are the features and services you should be considering when thinking about looking to revamp your corporate website.

The percentage of mobile users viewing your site will depend on the target demographic and market sectors targeted by your business. Restaurants for example will attract a much higher percentage of mobile users than restaurant purveyors. It’s important to have good web statistics in order to assess your current traffic and to plan accordingly.

Brand Reinforcement & Awareness

Manufacturing companies need to consider many factors in their marketplace to stand out above their competition. Here are some of the modules that will add value to the site and your customers:

  • A Multingual Content Management System (CMS)
  • Professional, Custom, brand-aligned Templates and color palettes
  • Creative approach to Brand and Product Identifiers/Trademarks/Logos
  • Content Development Services
  • News Module for case studies, product releases and industry events
  • A Comprehensive Products Module to showcase descriptions, specifications, images, videos, downloadable brochures, software and more
  • User Testimonials Module
  • Brand Management Module – ensure consistent brand representation and messaging across the channels.

Customer Support

  • FAQ Module to reduce customer support inquiries
  • Forum for reducing support costs
  • Support Desk Module to increase support effectiveness
  • Client Extranet to improve client communications
  • Downloads module for Manuals, Parts Lists, Software Drivers and more
  • Warranty Information
  • Parts and Accessories Ordering.

Sales

  • Employee Intranet
  • Sales CRM Module
  • Email Subscriptions and Broadcasts
  • Social Media Integration
  • Dealer Locators with built-in Google Maps Wayfinding
  • Built-in best practices for Search Engine Optimization (SEO)
  • Dealer/Distributor Extranet to handle orders, inventory, lookups etc.
  • Clear and compelling Opt-in Forms to generate leads and drive sales.

Contact Us today to discuss how Acorn Interactive can help your business grow.

Acorn Interactive Logo

Driving strategic growth and measurable results with AI to maximize profitability.

WEST COAST
P O BOX 814,
Rancho Santa Fe,
San Diego, CA 92067
619-778-3743

EAST COAST
6516 Manilla Palm Way
Apollo Beach, FL 33572
619-778-5651

3 Tips to Make Your Website Rank Better on Google
3 Tips to Make Your Website Rank Better on Google
Google 68 Release Requires SSL Certificates for all Sites
Scroll to Top