Who Has to Comply?
Similar to previous versions of PCI DSS, version 3.2.1 applies to any organization processing, storing, or transmitting cardholder data. This includes anyone from the smallest local shop to the largest financial institutions. There are no exemptions based on the size of the organization or the number of transactions: every business that handles cardholder data is responsible for compliance.
When Does Version 3.2.1 Come into Effect?
The latest version of PCI was actually published back in April 2016, but the council gave organizations a considerable grace period for implementing changes. Until January 31, 2018, the updates were ...