Plan Now For PCI DSS 4.0 |

Plan Now for PCI DSS 4.0

2022-08-13 13:04:39 By : Mr. sealock sealock

New payment security standards will go into effect in 2024.

The requirements to meet to ensure that you and your clients comply with the Payment Card Industry Data Security Standard (PCI DSS) have been the same for the past five years – but that’s about to change.

Fred Clayton, Manager of Information Security and Compliance for First American Payment Systems, explains that after a few rounds of comments from the industry, the Payment Card Industry Security Standards Council (PCI SSC) has begun work on PCI DSS 4.0. The new standards are expected to be published in mid-2021 and will replace v. 3.2.1 in 2024.

Professionals working in payment security are anxious for the update but complying with new requirements may cause some challenges. Clayton explains, “Many security controls from 3.2.1 will be enhanced to meet newer security control requirements. For many businesses, it will be a shock to comply with v. 4.0 since they may be several security platforms or technologies behind.”

According to the PCI Security Standards Council the timeline from when PCI DSS 4.0 is completed in mid-2021 until it goes into effect in early 2024 provides time to roadmap your organization into a compliance posture. “It may take at least that long to move customers from one platform to another or to update your technology,” Clayton says.

Clayton says one of the biggest changes in PCI DSS 4.0 is moving from the strict adherence to the 12 security requirements of 3.2.1 to 4.0 that provides greater flexibility in achieving security compliance. “With 4.0, the foundational 12 requirements remain but are enhanced however organizations can choose to build their security strategy around the traditional 12 requirements or develop their own customized controls that address the intent of the security standards,” he says. With this greater flexibility, however, businesses will have to provide proof via assessment and documentation that their solutions are effective.

Although PCI DSS 4.0 controls are not published at this time, some of the changes that are expected include:

Clayton says independent software vendors (ISVs) whose solutions and apps support Europay, MasterCard, Visa (EMV), point-to-point encryption (P2PE), and tokenization are well-positioned for continued compliance when PCI DSS 4.0 is in effect. However, working with a payments partner with robust security controls may be the most expedient and cost-effective way to ensure that you and your clients comply with the balance of new standards. “It’s a good way to make sure that security on the backend is done,” Clayton comments.

He also encourages ISVs who have been considering becoming payments facilitators (PayFacs) to consider how PCI DSS 4.0 will change the landscape and the new requirements you would have to meet. “4.0 gives you greater flexibility, but it also requires stricter controls. It may be better for your company to transfer risks from your company to your payments provider partner,” he comments.

He also advises ISVs and software developers to reevaluate their own operations payment data management. “ISVs aren’t immune to PCI DSS. If you handle credit card information, you need to comply. It’s another reason to have a trusted payments provider partner,” he points out.

The date when PCI DSS 4.0 becomes effective in 2024 will come all too fast, so smart ISVs and software developers are beginning to prepare now. “Plan to make updates or help your clients change processes as soon as possible because the time when it will be mandatory will arrive quickly,” Clayton says.

He also advises stressing a security-first approach with your team and assessing your partnerships with payment companies. One important step to take now is asking them what their plans are to update their platforms to comply with PCI DSS 4.0.

ISVs and software developers also need to do their due diligence to research payment companies’ past security compliance. Ask to review your potential partner’s PCI Attestation of Compliance report, which will show the security controls the payments company uses. If it shows any deficiencies, ask for an explanation. You can also use the Visa Global Registry of Service Providers to see their record complying with Visa’s rules.

“It’s proof of their credibility,” says Clayton. “It will help you gauge your partner’s expertise in security.”

Bernadette Wilson, a DevPro Journal contributor, has 19 years of experience as a journalist, writer, editor, and B2B marketer.

Excellent Performance, Accurate Dimension, Fast Delivery

Long Term Cooperative Relationship With First Line Brands At Home And Abroad

Constant Improvement, Extraordinary Quality

Plan Now for PCI DSS 4.0

Featured Products

News & Blog

Wireless Pos Terminal Devices Market Set to Witness Explosive Growth by 2022| First Data, Verifone, NCR Corporation – Designer Women

Wireless Pos Terminal Devices Market Set to Witness Explosive Growth by 2022| First Data, Verifone, NCR Corporation – Designer Women

Wireless POS Terminal Market Size, Scope and Forecast | VeriFone, PAX Global Technology, Diebold Nixdorf Incorporated, Elavon, Castles Technology, Winpos, BBPOS Limited, Ingenico, Bitel, Cegid Group. – Designer Women

How the Chip Shortage Is Prompting Payments Players to Adopt a Variety of Workarounds – Digital Transactions

POS Receipt Printer Market Size 2022 And Growth By Top Keyplayers – APG Cash Drawer, Seiko, Transact Technologies, CognitiveTPG – Designer Women

Top 3 Reasons To Buy Ethereum Now! - CryptoTicker

Top 3 Reasons To Buy Ethereum Now! - CryptoTicker

Five tips from a real-life dating coach

Automotive Biometric Device Market Survey and Forecast Outlook by 2022-2028 – Designer Women

Automotive Biometric Device Market Survey and Forecast Outlook by 2022-2028 – Designer Women