Prepare for PCI DSS 4.0
What to Expect with PCI DSS 4.0
We’ve been talking about PCI DSS 4.0 for quite a while now, and the release is just around the corner with an expected date of sometime in mid-2021. Now is a great time for software providers and merchants alike to review and prepare for the upcoming changes.
Objectives of PCI DSS 4.0
The goals guiding the update of the security standard include:
- Improve the procedures and validation methods used to protect customer security.
- Establish a culture of continuous data security, as PCI compliance is not just a moment in time.
- Expand the range of available security methods.
- Adapt to serve the payment industry’s evolving security needs since payment technology is ever-changing.
New Features of PCI DSS 4.0
The main change involves expanding compliance requirements for businesses. Earlier versions of the standard, including the current PCI DSS 3.2.1, mandate specific steps for companies to achieve compliance with the security standard.
The PCI DSS will reportedly offer an alternative compliance program. Customized implementation allows businesses to set their own security objectives and design corresponding systems and controls. If they submit comprehensive documentation of this process, they can achieve compliance through approval from a qualified security auditor (QSA).
In addition, version 4.0 will enhance the focus on cloud computing as more businesses and services than ever rely on these serverless systems. PCI DSS 4.0 will include updated cloud payment security requirements, along with enhanced card data encryption during transmission and stronger login and password controls such as multifactor authentication.
At Paragon Payment Solutions, our decades of industry knowledge, combined with our focus on developing payment technology to simplify payments, mean we have everything your business needs to adapt to the updated compliance requirements of PCI DSS 4.0.
We love to talk everything payments! Reach out today to find out more about how we can help you limit your scope of PCI compliance.