PCI DSS 4.0 Comes Into Force in April: Everything You Need to Know

In the ever-changing landscape of online payments, PCI DSS (the Payment Card Industry Data Security Standard) has evolved from a sector guideline into a key pillar of card-transaction security. The standard is maintained by the PCI Security Standards Council (PCI SSC), founded by the major card brands, and compliance is mandatory, through acquirer and card-brand agreements, for any organization that stores, processes, or transmits cardholder data, regardless of its size.

The PCI DSS standard evolves to address growing cyber threats. Version 4.0 was published in March 2022, and version 3.2.1 is retired on March 31, so from April 1 only 4.0 can be assessed against. One caveat to plan around: a set of future-dated requirements in 4.0 remain best practice until March 31, 2025, after which they become mandatory. It is crucial to stay updated on the changes and prepare for implementation, as non-compliance may result in significant penalties and even the loss of the ability to accept card payments.

2023 has been a year of major challenges and changes as we helped our clients adapt to the new standard. Over twelve months, we carried out more than 120 PCI DSS audits, including 51 Level 1 PCI, PIN, 3DS, and Card Production audits, earning the trust of over 100 clients in 20 countries.

Differences Between Version v3.2.1 and the New v4.0 of PCI DSS

When comparing the principal requirements of versions 3.2.1 and 4.0, several changes stand out, reflecting the need to strengthen security for card transactions. Here are some of them, with the requirement number from the standard in brackets:

  1. Network Security (Requirement 1): Version 3.2.1 asked for a firewall configuration that protects cardholder data. Version 4.0 reframes this as installing and maintaining network security controls, so that the requirement covers whatever technology performs the function (firewalls, cloud security groups, virtual appliances) and addresses security of the network as a whole, not only the boundary around cardholder data.

  2. Secure Configurations (Requirement 2): Version 3.2.1 only required that vendor-supplied defaults for system passwords and other security parameters not be used. Version 4.0 requires secure configurations to be applied to all system components, which raises the overall security baseline.

  3. Protection of Stored Data (Requirement 3): Stored data is highly valuable to cybercriminals, which is why PCI DSS 4.0 widens the scope from stored cardholder data to stored account data, a term that also covers sensitive authentication data.

  4. Encryption During Transmission (Requirement 4): "Encrypt transmission of cardholder data across open, public networks" becomes "protect cardholder data with strong cryptography during transmission over open, public networks". Encryption alone is no longer enough; the protocols and ciphers in use must qualify as strong cryptography.

  5. Physical Access Restriction (Requirement 9): The requirement to restrict physical access to cardholder data is unchanged.

  6. Regular Testing (Requirement 11): "Regularly test security systems and processes" becomes "test security of systems and networks regularly", keeping the emphasis on continuous testing.

  7. Support With Policies and Programs (Requirement 12): Version 4.0 continues to require that information security be supported by organizational policies and programs, now applied across the organization rather than only as a policy for personnel.
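The transmission requirement above is the one most often checked from the outside, so here is an added illustration of what such a check looks like in practice. This is example code written for this article, not BOTECH tooling and not part of the PCI DSS standard; the thresholds it applies (TLS 1.2 or higher, no legacy cipher components) are this example's working assumption of what "strong cryptography" means for TLS, and the host names and cipher strings are constructed inputs.

```python
"""Minimal TLS posture check in the spirit of PCI DSS 4.0 Requirement 4.

Added illustration only: not BOTECH's tooling and not text from the standard.
The acceptance thresholds (TLS 1.2+, no legacy cipher components) are this
example's assumptions about "strong cryptography" for TLS in practice.
"""
from __future__ import annotations

import socket
import ssl

# Assumption: only TLS 1.2 and 1.3 are treated as strong protocol versions.
ACCEPTABLE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# Assumption: a cipher name containing any of these markers is legacy/weak.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXP", "ADH", "AECDH")


def build_client_context() -> ssl.SSLContext:
    """Client context that never offers SSL/early TLS or legacy cipher suites."""
    ctx = ssl.create_default_context()             # verifies the server certificate
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv3 / TLS 1.0 / TLS 1.1 excluded
    # TLS 1.2 suites restricted to forward-secret AEAD ciphers.  TLS 1.3 suites
    # are managed separately by OpenSSL and are all AEAD already.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    return ctx


def assess_session(protocol: str, cipher: str) -> tuple[bool, str]:
    """Judge a negotiated (protocol, cipher) pair as reported by an SSLSocket.

    Returns (compliant, reason) so a caller can log exactly which attribute failed.
    """
    if protocol not in ACCEPTABLE_PROTOCOLS:
        return False, f"protocol {protocol} is below TLS 1.2"
    upper = cipher.upper()
    for marker in WEAK_CIPHER_MARKERS:
        if marker in upper:
            return False, f"cipher {cipher} uses weak component {marker}"
    return True, f"{protocol} with {cipher}"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> tuple[bool, str]:
    """Connect with the hardened context and assess what the peer negotiates.

    A handshake failure means the peer offers nothing this context accepts,
    which is a finding in its own right rather than an error of the check.
    """
    ctx = build_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cipher_name, _, _ = tls.cipher()
                return assess_session(tls.version(), cipher_name)
    except (ssl.SSLError, OSError) as exc:
        return False, f"no acceptable TLS handshake with {host}:{port}: {exc}"


if __name__ == "__main__":
    import sys

    # Hypothetical target for a manual run; pass a real host name as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "payments.example.com"
    ok, reason = probe(target)
    print("PASS" if ok else "FAIL", reason)
```

Two design points matter here. First, the client context is built so that a weak server cannot be talked to at all: if the handshake fails, that is recorded as a failure rather than an exception, because "we could not negotiate anything strong" is exactly what an assessor wants to know. Second, the judgement of the negotiated session is separated into `assess_session`, which takes plain strings, so the same rule can be run over a list of captured results without a network. Note that this checks one endpoint the way one client sees it; it does not replace the quarterly ASV scan that Requirement 11 also demands.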

Objectives of PCI DSS 4.0

The key objectives that the PCI SSC followed in developing the new version 4.0 are:

  1. Ensure that the standard continues to meet the security needs of the payments sector.
  2. Provide flexibility and support for additional methodologies to achieve security.
  3. Highlight the importance of security as an ongoing process.
  4. Improve validation procedures and methods.

At BOTECH, we remind you that if you still haven't updated to version 4.0 of PCI DSS, you only have a few days left, as the new standard is about to take effect. Remember that compliance is mandatory, and failing to meet the standard can result in significant penalties, stricter audits, and even the loss of your ability to accept card payments.

If you need to ensure data protection and security in online financial transactions, reduce fraud, and build trust, ask us how to do it. We will be happy to help you comply with PCI DSS 4.0 and make the process smooth and simple. Shall we talk?