PCI labels any 'version of SSL' as unacceptable for data protection
The PCI Security Standards Council is looking to revise its Data Security and Payment Application standards with its recent declaration that every version of the Secure Sockets Layer (SSL) certificate falls short of its cryptography requirements and is not a reliable form of data protection.
The announcement was made following the publication of a new report by the National Institute of Standards and Technology, which determined that SSL v3.0 — the most recent version of the internet connection protocol — presented a number of "inherent weaknesses" that made it vulnerable to data theft and an unreliable benchmark of cyber protection. Not only does this finding mark a change of direction for PCI's own data security standards, but could have profound … more