• Reinforcement of need for thorough scoping exercise prior to PCI DSS assessment in order to understand where cardholder data resides
• Support for centralized logging included in PA-DSS to promote more effective log management
• Validation, within certain requirements, of risk-based approach for addressing vulnerabilities, allowing organizations to consider their specific business circumstances and tolerance to risk when assessing and prioritizing vulnerabilities
• Greater alignment between PCI DSS and PA-DSS to facilitate stronger security practices.

For the detail information for changes, please visit https://www.pcisecuritystandards.org/pdfs/summary_of_changes_highlights.pdf

PCI-DSS compliance simply a framework to prevent data loss and customer credit card data.

Every merchant has to be PCI compliant if you process credit cards.

Being PCI compliant doesn’t mean that there wouldn’t be any data breaches. It is simply best practices to eliminate such occurance. Advantage of PCI compliance is that; if you suffer from an data breach incident your fines wouldn’t be as bad as another merchant without a PCI compliant setup.

Depending on your PCI level your networks needs to be periodically scanned for malicious activity. It can be done in-house by using self assessment questionnaire or hire an outside consultant to do the necessary tasks. Here is the full list of  approved scanning vendors.