What You Need to Know About PCI DSS 4.0’s New Requirements

The PCI Security Standards Council (PCI SSC) published the latest update to the PCI Data Security Standard (PCI DSS) this week. PCI DSS is the baseline standard that merchants, processors and financial organizations must meet to protect cardholder data, and v4.0 shifts its focus toward outcome-based requirements.

Much has changed since the preceding version of the standard, v3.2.1, was published back in 2018. Fueled by the pandemic, online transactions and the use of point-of-sale (PoS) terminals have skyrocketed, technology has evolved, and cloud platforms are now used extensively to store and process cardholder data. Attackers have also advanced the tactics they use against the payments industry.

What Is New in PCI DSS 4.0?
The 12 core PCI DSS requirements did not fundamentally change with PCI DSS v4.0, and they remain the critical foundation for securing payment card data. However, the requirements have been restructured around security objectives: each requirement now states the outcome a control must achieve, which guides how that control should be implemented.

The key high-level goals for PCI DSS v4.0 are:

Ensure the standard continues to meet the security needs of the payments industry.
Add flexibility and support for additional methodologies to achieve security.
Promote security as a continuous process.
Enhance validation methods and procedures.

Even though PCI DSS v4.0 keeps the existing prescriptive method for compliance (which the standard now calls the defined approach), the new version introduces an alternate option for meeting a requirement: the customized approach. The customized approach considers the intent of the requirement's stated objective and allows entities to design their own security controls to meet it. Note that this flexibility comes with obligations: for each requirement met this way, the entity must document the control, perform and record a targeted risk analysis showing the control meets the objective, and have the assessor validate that the control does so. This change will allow businesses to modify implementation
