
Austreme has completed its annual PCI-DSS (Payment Card Industry Data Security Standard) onsite audit against the latest version of the standard, 4.0.1. The certification is at Service Provider Level 1.
Some changes from PCI DSS v4.0 to v4.0.1 include:
Requirement 3
- Clarified the applicability notes for issuers and companies that offer issuing services.
- Introduced a Customized Approach Objective and specified applicability for organizations that use keyed cryptographic hashes to make Primary Account Numbers (PAN) unreadable.
Requirement 6
- Restored language from PCI DSS v3.2.1, stating that the 30-day timeframe for installing patches or updates applies solely to “critical vulnerabilities.”
- Included applicability notes to explain how the requirement for managing payment page scripts applies.
Requirement 8
- Incorporated an applicability note indicating that multi-factor authentication for all (non-administrative) access to the Cardholder Data Environment (CDE) does not apply to user accounts that are solely authenticated using phishing-resistant authentication factors.
Requirement 12
- Revised applicability notes to clarify several aspects regarding the relationships between customers and third-party service providers (TPSPs).
Austreme’s TLD solution is the only transaction laundering monitoring tool in the world that complies with PCI-DSS.