PCI DSS 4.0
Although only four years have passed since the previous version of the standard, v3.2.1, was put in place, tumultuous changes have required a new set of modifications. The COVID pandemic acted as the catalyst for abrupt shifts in shopper behavior and the adoption of cloud-based platforms that facilitated online shopping and remote work. In step with this evolution, cyber attackers also developed ever more sophisticated ways to compromise data and take over digital systems.
Goals of PCI DSS 4.0
The standard will continue to meet the payment industry’s security needs.
It will keep achieving security via flexibility and support of additional methodologies.
It will promote security as a continuous process.
It will enhance procedures and validation methods.
The PCI DSS is made up of 12 requirements divided into six categories:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
PCI DSS 4.0 Changes
Multifactor authentication (MFA) requirements for all accounts that can access cardholder data became more stringent.
Access privileges must be reviewed at least once every six months.
Permissions for group, shared, and public accounts are addressed.
Targeted risk analyses allow organizations to establish the frequency with which certain tasks must be performed.
Strong passwords are required for accounts and systems. They should be at least 15 characters long and include both numeric and alphabetic characters. Additionally, every password must be compared against a list of known bad passwords.
Passwords used for applications and systems must be changed at least every 12 months, or sooner if compromise is suspected.
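The password rules in the two items above, as an added example that is not code from the page or from any vendor: it enforces the stated minimum length and character classes, compares the candidate against a (constructed, hashed) known-bad list, and decides whether an application or system password is due for rotation. Case-insensitive comparison against the bad list is an assumption beyond what the page states.

```python
import hashlib
import re
from datetime import date, timedelta

# Policy parameters as stated on this page (assumed to apply unchanged).
MIN_LENGTH = 15        # minimum password length
MAX_AGE_DAYS = 365     # application/system passwords: change at least every 12 months

# Constructed sample of "known bad" passwords; a real deployment would load a
# much larger breached-password list. Only hashes are kept in memory.
_SAMPLE_BAD_PASSWORDS = ["password1234567", "welcome12345678", "qwertyuiop12345"]
BAD_PASSWORD_HASHES = {
    hashlib.sha256(p.encode("utf-8")).hexdigest() for p in _SAMPLE_BAD_PASSWORDS
}


def _normalize(candidate: str) -> str:
    # Assumption beyond the page: compare case-insensitively so trivial
    # capitalisation of a listed password does not slip past the check.
    return candidate.strip().lower()


def check_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no alphabetic character")
    if not re.search(r"[0-9]", candidate):
        problems.append("no numeric character")
    digest = hashlib.sha256(_normalize(candidate).encode("utf-8")).hexdigest()
    if digest in BAD_PASSWORD_HASHES:
        problems.append("appears on the known-bad-password list")
    return problems


def needs_rotation(last_changed: date, today: date, compromise_suspected: bool = False) -> bool:
    """True when an application or system password must be changed now."""
    return compromise_suspected or (today - last_changed) > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    for pw in ["Abc123", "PASSWORD1234567", "Tr0ub4dorAndHorse2024"]:
        print(pw, "->", check_password(pw) or "OK")
    print(needs_rotation(date(2023, 1, 1), date(2024, 1, 2)))
```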
Assessor training will begin in June. V3.2.1 will remain in effect for two years after the publication of V4.0, with a deadline of March 31, 2024. That gives organizations time to learn the new requirements and develop strategies to implement the changes.