PCI DSS V4.0

Updated Protocol, Same Perspective

Across the Western Hemisphere the payments community is getting ready for a new and revised version of PCI DSS. Updated guidance from the PCI Security Standards Council (PCI SSC) confirms PCI DSS V4.0 will be released in March.

The PCI SSC has been working tirelessly over the last two years to deliver Version 4.0 of the PCI Data Security Standard (DSS).

The PCI SSC provides the global payments community with not just peace of mind, but also security and guidance regarding the complex and constantly shifting digital payments landscape. Naturally, the world of digital payments can at times be confusing and disorientating; such is the complex nature of the business.

However, guidance and practical advice put out by the PCI SSC eradicate much of the uncertainty. Given the success of PCI DSS V3.2, we should welcome and support the new and updated protocol upon its release.

Last year, the SSC completed its rounds of stakeholder feedback concerning the implementation of V4.0. Industry feedback is fundamental to the continued evolution of the Data Security Standard, as each iteration has a broad impact on the PCI global community. With stakeholder feedback now complete, and incorporated into V4.0 validation documents, we can expect a draft copy of PCI DSS to enter the marketplace soon.

The SSC previously declared that, due to the “significance” of the revisions in V4.0, a draft standard and a summary of changes document would be released to allow stakeholders time to familiarise themselves with the standard before publication. According to the SSC, the draft standard will be available to Participating Organisations, Qualified Security Assessors (QSAs), and Approved Scanning Vendors (ASVs). The draft is due to be released in the coming weeks.

Source: PCI SSC

Crucially, the SSC have announced that “training for QSAs and ISAs to be able to support PCI DSS V4.0 is targeted for June 2022”. As responsible members of the payments community we absolutely encourage your participation in this round of training. The training provided by the SSC will be unparalleled in its accuracy and reliability. PCI compliance requires a holistic approach – all team members must be well versed in the requirements.

It is also very important to note that once V4.0 comes into effect, V3.2.1 will not become obsolete immediately. The SSC will institute a transition period to accommodate stakeholder acclimatisation. The transition will allow organisations time to familiarise themselves with the changes in V4.0, update their reporting forms, and plan for and implement the changes required to meet the new standard. According to the council, PCI DSS V3.2.1 will remain active for an 18-month period.

Yet, despite this lengthy transition, CyberCX encourages a swift adoption of the V4.0 standard. The demands of the digital world are constantly changing, and we cannot, with any degree of certainty, claim that future threats to the payments community could be effectively dealt with by an outdated version of the DSS.

Considering the enhanced sophistication of cybercrime and the growing frequency of attacks, especially on those responsible for protecting consumer data, we encourage complete compliance with the new standard. As an industry leader in cyber security and data loss prevention, we understand – better than most – the need to be protected. Protection is achieved not by resting on your laurels, but through action. Preparing your team for PCI DSS V4.0 is of vital importance, both to your business’s operability and client security. You should act today, and begin your PCI DSS V4.0 journey.

How can CyberCX help?

Get in touch to speak to one of our consultants about the adoption of the PCI DSS V4.0 standard or any of our PCI DSS services.
