Because of Covid-19, many employees who have access to payments data are working from home, making it awkward if not impossible for data-security assessors to conduct onsite inspections. In response, the PCI Security Standards Council says it plans to make the next version of its data-security standard more reflective of changes in the workplace.
“With more employees working remotely, there needs to be a new approach to protecting payment data,” says Troy Leach, senior vice president for the PCI council. “The standard also needs to recognize there may circumstances that prevent an assessor from conducting an onsite assessment, such as travel advisories or restrictions relating to coronavirus, and that result in the assessment being conducted remotely.”