
Securing the Future of Payments: PCI SSC Publishes PCI Data Security Standard v4.0

By ITsec Bureau, April 1, 2022

Today, the PCI Security Standards Council (PCI SSC), a global payment security forum, published version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS v4.0 replaces version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats. The updated standard and Summary of Changes document are available now on the PCI SSC website.

 

To provide organizations time to understand the changes in version 4.0 and implement any updates needed, the current version of PCI DSS, v3.2.1, will remain active for two years until it is retired on 31 March 2024. Once assessors have completed training in PCI DSS v4.0, organizations may assess to either PCI DSS v4.0 or PCI DSS v3.2.1. The standard also provides additional time for organizations to implement many of the new requirements. More information on the implementation timeline can be found on the PCI Perspectives Blog.

Feedback from the global payments industry drove changes to the standard. Over the course of three years, more than 200 organizations provided over 6,000 items of feedback to ensure the standard continues to meet the complex, ever-changing landscape of payment security.


“The industry has had unprecedented visibility into, and impact on the development of PCI DSS v4.0,” says Lance Johnson, Executive Director of PCI SSC. “Our stakeholders provided substantial, insightful, and diverse input that helped the Council effectively advance the development of this version of the PCI Data Security Standard.”

Updates to the standard focus on meeting the evolving security needs of the payments industry, promoting security as a continuous process, increasing flexibility for organizations using different methods to achieve security objectives, and enhancing validation methods and procedures. Details about the updates can be found in the PCI DSS v4.0 Summary of Changes document on the PCI SSC website.

Examples of the changes in PCI DSS v4.0 include:

  • Updated firewall terminology to network security controls to support a broader range of technologies used to meet the security objectives traditionally met by firewalls.
  • Expansion of Requirement 8 to implement multi-factor authentication (MFA) for all access into the cardholder data environment.
  • Increased flexibility for organizations to demonstrate how they are using different methods to achieve security objectives.
  • Addition of targeted risk analyses to allow entities the flexibility to define how frequently they perform certain activities, as best suited for their business needs and risk exposure.

WATCH: “First Look at PCI DSS v4.0”, a video featuring Council representatives discussing key changes to the standard.

“PCI DSS v4.0 is more responsive to the dynamic nature of payments and the threat environment,” says Emma Sutcliffe, SVP, Standards Officer of PCI SSC. “Version 4.0 continues to reinforce core security principles while providing more flexibility to better enable diverse technology implementations. These updates are supported by additional guidance to help organizations secure account data now and into the future.”

LISTEN: “Coffee with The Council: A Preview of the PCI DSS v4.0 and Transition Training”, a podcast featuring Council representatives discussing what to expect with PCI DSS v4.0 and assessor training information.

In addition to the updated standard, supporting documents published in the PCI SSC Document Library include the Summary of Changes from PCI DSS v3.2.1 to v4.0, the v4.0 Report on Compliance (ROC) Template, ROC Attestations of Compliance (AOC), and ROC Frequently Asked Questions. Self-Assessment Questionnaires (SAQs) will be published in the coming weeks.

To support global adoption of PCI DSS, the standard and Summary of Changes will be translated into several languages. These translations will be published over the next few months, between March and June 2022.

The Council will provide additional information throughout the year to help the community understand the changes made to the standard. This includes the PCI DSS Symposium, an online education event available on 21 June 2022 for PCI SSC community members. Training for assessors will be available in June. For a schedule of assessor training sessions, consult the PCI SSC training resource page.
