What’s the main change in PCI DSS 3.1?

SSL encryption, the way we have transmitted data securely over the internet, is no longer considered secure due to recently found weaknesses. As a result, the PCI DSS has been updated to remove SSL from its definition of Strong Encryption, which is required to keep data safe.

 

What should we do?

Disable SSL entirely across all systems, and update your applications to use the latest encryption protocol, TLS v1.2. More information on how to do this can be found in the official PCI SSC information supplement.
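
One way to check the "disable SSL, use TLS v1.2" step on a web front end, as an added example that is not part of the original post or the PCI SSC supplement: a small audit of `ssl_protocols` directives. The choice of nginx, the function name `audit_nginx_ssl_protocols` and the sample configuration are assumptions made for illustration.

```python
import re

# Assumption: the server is nginx, whose ssl_protocols directive lists the
# enabled protocol versions. Function and variable names are hypothetical.
SSL_VERSIONS = {"SSLv2", "SSLv3"}   # no longer "strong encryption" per the post
TARGET = "TLSv1.2"                  # the version the post says to move to

# Match only live directives; lines that start with '#' are skipped.
DIRECTIVE = re.compile(r"^[ \t]*ssl_protocols[ \t]+([^;#\n]+);", re.MULTILINE)

# Constructed sample configuration (not taken from any real system).
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    server_name shop.example.test;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    server_name pay.example.test;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1.2;
}
"""

def audit_nginx_ssl_protocols(config_text):
    """Return one finding per ssl_protocols directive in config_text.

    An empty list means no directive was found, so the server falls back to
    its built-in default, which varies by nginx version and needs review.
    """
    findings = []
    for m in DIRECTIVE.finditer(config_text):
        enabled = m.group(1).split()
        ssl_on = sorted(p for p in enabled if p in SSL_VERSIONS)
        findings.append({
            "line": config_text.count("\n", 0, m.start()) + 1,
            "enabled": enabled,
            "ssl_enabled": ssl_on,            # must be empty
            "has_tls12": TARGET in enabled,   # must be True
            "ok": not ssl_on and TARGET in enabled,
        })
    return findings

if __name__ == "__main__":
    for f in audit_nginx_ssl_protocols(SAMPLE_CONFIG):
        status = "OK" if f["ok"] else "FIX"
        print(f"line {f['line']}: {status} enabled={f['enabled']} ssl={f['ssl_enabled']}")
```

The check only reads configuration text; confirm the result against the running service after reloading it, since an included file or a later directive can override what one file shows.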

 

When’s the deadline?

In the interests of security, as soon as possible, because any data you transmit using SSL is at risk. However, the PCI SSC and the supporting payment card brands have given merchants until 30 June 2016 to comply with the new standard.

 

 
