New PCI DSS Standard Focuses on Flexibility, Authentication
Published on by Griffin Dickerson in SOC Reports, Technology
In the fight against the ever-increasing threat of cybercrime, the Payment Card Industry (PCI) Security Standards Council has issued an updated PCI Data Security Standard (DSS) – version 4.0. The new standard went into effect on March 31, 2024, and compliance is critical for maintaining secure payment environments – and your customers’ trust. Here are a few of the highlights.
1. Increased flexibility
The new PCI DSS 4.0 standard increases flexibility for businesses that accept payment cards by enabling them to choose the security controls that best fit their business, risk management, and security needs.
2. Integration of new technologies
Authenticated scans, encryption of Sensitive Authentication Data (SAD), payment page script integrity, and automated mechanisms for performing audit log reviews are just a few of the technologies integrated into the new standard. The standard is designed to help organizations that handle cardholder data build and maintain secure networks and systems.
3. Authentication and encryption
PCI DSS 4.0 places greater emphasis on authentication and encryption, including a strong emphasis on Multi-Factor Authentication (MFA). The new standard also raises password complexity, increasing the minimum length requirement from eight characters to 12 characters. Additionally, it requires a review of access privileges every six months and tightens the restrictions on, and monitoring of, vendor and third-party accounts.
Timing is everything
While the new standard went into effect on March 31, 2024, as noted above, 55 of its 64 new requirements are future-dated due to the complexity and cost of implementation – and until March 31, 2025, those 55 future-dated components will be considered best practices. But the line in the sand for full compliance is March 31, 2025.
For a comprehensive overview of the updated standard, visit our web page covering PCI DSS or the PCI Security Standards Council’s PCI DSS v4.0 Resource Hub. You can also check out this short video, where SOC reporting practice leader and Barnes Dennig Director Robert Ramsay breaks down PCI DSS compliance with senior assurance associate Zachary Riggs.
Next steps
Implementing the new standard has its complexities, and the Barnes Dennig team of cybersecurity specialists is here for you. Contact us for a free consultation and start your journey to full compliance with the new standard, higher levels of business security, and customer trust. As always, we’re here to help.