What’s New with PCI Compliance 4.0?
The Payment Card Industry Data Security Standard (PCI DSS) continuously updates security measures to keep merchants and their customers safe from fraud. The overall purpose of the compliance program is to build a safety net for consumers to make sure they’re protected against bad actors. It also streamlines merchants’ card payment operations. Since security measures change with the never-ending fraud threat, merchants need to stay on top of compliance continuously to keep fraudsters at bay.
The latest version, PCI Compliance 4.0, gives merchants roughly a year to adhere to the new or updated requirements since version 3.2.1 was retired in March 2024. These regulations provide a framework for businesses to follow to safeguard sensitive cardholder data, and ensure the efficient, error-free handling of card payment transactions. PCI 4.0 will help protect both customers and merchants from online thieves, hackers, and fraudsters, as well as benefit a business’s finances and its reputation, too.
The latest batch of PCI Compliance covers most of the same ground as prior versions’ requirements, with special attention paid to common areas of security like risk mitigation and access control. The last round of updates was driven by industry feedback and this version furthers the protection of payment data with new controls to address sophisticated cyber attacks.
What is New in PCI DSS 4.0?
There were many changes incorporated into the latest version of PCI Compliance. Below are examples of some of those changes. For a comprehensive view, please refer to the PCI DDS Summary of Changes.
Goal #1 – Continue to meet the security needs of the payments industry as ongoing threats change.
Examples:
• Expanded multi-factor authentication requirements.
• Updated password requirements.
• New e-commerce and phishing requirements to address ongoing threats.
Goal #2 – Promote security as a continuous process to protect data and keep up with ongoing criminal activity.
• Clearly assigned roles and responsibilities for each requirement.
• Added guidance to help people better understand how to implement and maintain security.
Goal #3 – Increase flexibility for organizations using different methods to achieve security objectives and foster payment technology innovation.
• Allowance of group, shared, and generic accounts.
• Targeted risk analyses empower organizations to establish frequencies for performing certain activities.
• Customized approach, a new method to implement and validate PCI DSS requirements, provides another option for organizations using innovative methods to achieve security objectives.
Goal #4 – Enhance validation methods and procedures to support transparency and detailed data.
• Increased alignment between information reported in a Report on Compliance or Self-Assessment Questionnaire and information summarized in an Attestation of Compliance.
Learn More About PCI Compliance:
Contact us online or call 1-800-621-8931.
Subscribe to Card Talk
Our monthly newsletter delivers the latest payments news straight to your inbox