The recent publication of the PCI Data Security Standard (PCI DSS) version 4.0 reflects the importance of securing payment data and keeping up with the ever-evolving needs of the global payment industry. To create a comprehensive and flexible framework, experts from more than 200 organizations provided over 6,000 pieces of feedback, ensuring a more versatile and effective solution for securing account data.
To assist your organization in adapting to the changes introduced by PCI DSS v4.0, the earlier version (v3.2.1) will remain active until March 31, 2024, giving you ample time to implement any required updates. You can refer to the implementation timeline on the PCI Perspectives Blog for more details.
Critical changes in PCI DSS v4.0 concentrate on these key aspects:
Some notable updates in PCI DSS v4.0 include:
The changes in PCI DSS v4.0 contribute to a more adaptable and responsive approach towards the payment and threat landscape. This updated standard guides organizations to secure account data in the present and future by reinforcing core security principles and offering flexibility for diverse technology implementations.
Complementing the updated standard, accompanying documents in the PCI SSC Document Library offer valuable insights into the transition process. Translations of the standard and Summary of Changes will be accessible in several languages, with further resources like podcasts, videos, and blog posts to support the community’s understanding.
Lastly, the PCI DSS Symposium on June 21, 2022, offers an online education event for community members, covering important aspects of the updated standard. Assessor training for PCI DSS v4.0 will become available in June. Check the PCI SSC training resource page for the schedule of assessor training sessions.