Are you ready for PCI DSS 4.0?
In just under a year's time, organizations will have to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard.
PCI DSS comprises 12 requirements to protect payment card data and has changed very little in the last ten years.
That's all changed under v4.0, as it's now possible to use security approaches that may differ from those specified in the standard, provided the organization can prove the implementation meets the intent and addresses the risk associated with the requirement.
There's no longer the need to change passwords or passphrases every 90 days if the business can dynamically analyze the security posture of accounts, and organizations are now able to build their own authentication mechanisms as long as these meet the requirements.
With respect to the new requirements, organizations should look to prioritize the changes based on how long they think it will take to achieve compliance.
Mechanisms to detect changes to customer-facing HTTP headers and payment pages have been included and, similarly, requirement 12 requires organizations to carry out a targeted risk assessment and to document and confirm the PCI DSS scope at least annually or upon any significant change.
News URL
https://www.helpnetsecurity.com/2023/04/26/are-you-ready-for-pci-dss-4-0/