What is the PCI Data Security Standard?
The PCI Data Security Standard (PCI DSS) is a global standard that provides a foundation of technical and operational requirements designed to protect payment data. PCI DSS v4.0 is the next evolution of the standard.
What are the Objectives of PCI DSS v4.0?
1. Continue to meet the security needs of the payment industry.
2. Promote security as a continuous process.
3. Add flexibility for different methodologies.
4. Improve validation methods.
What is the schedule for PCI DSS v4.0 implementation?
What’s new in PCI DSS v4.0?
Many changes have been incorporated into the latest version of the Standard. Below are examples of some of these changes:
1. Continue to meet the security needs of the payments industry.
Why is this important? Security practices must evolve as threats change.
Examples:
– Expanding multi-factor authentication requirements.
– Updated password requirements.
– New requirements for e-commerce and phishing to address current threats.
2. Promote security as an ongoing process.
Why is this important? Criminals never sleep. Continuous security is crucial to protect payment data.
Examples:
– Clear assignment of roles and responsibilities for each requirement.
– Guidance has been added to help better understand how to implement and maintain security.
– New reporting option to highlight areas for improvement and provide more transparency to report reviewers.
3. Increased flexibility for organizations using different methods to achieve security objectives.
Why is this important? Greater flexibility allows more options to achieve a requirement’s objective and supports payment technology innovation.
Examples:
– Allowing group, shared and generic accounts.
– Specific risk analyses allow organizations to set frequencies for performing certain activities.
– The customized approach, a new method for implementing and validating PCI DSS requirements, provides another option for organizations using innovative methods to achieve security objectives.
4. Improve validation methods and procedures.
Why is this important? Clear validation and reporting options support transparency and granularity.
Example:
– Increased alignment between the information reported in a Compliance Report or Self-Assessment Questionnaire and the information summarized in a Certificate of Compliance.
For a complete overview, you can refer to the summary of changes from PCI DSS v3.2.1 to v4.0, which can be found in the PCI SSC document library.