Any time the Payment Card Industry (PCI) Security Standards Council releases an update to its Data Security Standard (DSS), it raises a new set of questions and concerns. The latest update, PCI DSS v3.2, came out on 4/28/16. It primarily impacts service providers and is focused on the implementation of best practices into the Standard. (For a detailed breakdown of the changes, check out Steve Levinson’s blog on the release.) One of the biggest changes in this update is the requirement to have penetration testing on the segmentation (if used) at least twice a year – this will have a significant impact on service providers and is something you need to understand and prepare for.