Changes in PCI DSS Version 3.2 with Mark Burnette

In April’s version 3.2, the PCI Security Standards Council extended the deadline for removing SSL encryption from environments from this summer to 2018, giving companies more time to move away from this commonly used encryption scheme and to test alternatives. The postponement came after pushback from the industry, which stressed how intertwined SSL was with business practices. Although migration is not required for two more years, the Council is encouraging companies that had planned an earlier migration to proceed on their original schedule.

“The Council wanted to acknowledge that removing SSL could cause production issues and have a major impact on many merchants, and therefore they wanted organizations to be able to go through the proper diligence, to do the testing necessary to migrate away from SSL to TLS, which is the SSL replacement,” said Mark Burnette, a shareholder with LBMC Information Security.

A second change mandates multi-factor authentication for all PCI administrators, requiring not only credentials but also another factor, such as a code, token, or biometric, to verify access. Previously, multi-factor authentication had been required only when connecting remotely; under the revised PCI requirements, it applies to all administrators accessing the cardholder data environment, regardless of their method of access. Though it may be inconvenient to the workflow at PCI-compliant institutions, the new procedure is a win from a security standpoint, making it harder for external parties who have obtained credentials to reach sensitive information.
