Data Security Standard 3.2, published by the PCI Security Standards Council, took effect April 28, 2016 for all entities that store and transit data. The updated version ties a service provider’s upper management to responsibility for PCI compliance, commits all organizations to move to Transport Layer Security (TLS) protection for websites, and requires mandatory two-factor authentication for any individual(s) who have access to card data onsite. Service providers include issuers, acquirers, gateways, card processors, transaction processors, call center operators, back-up data centers, a...