Payment Card Industry (PCI) Data Security Standard 4.0 is Coming


Payment Card Industry Data Security Standard (PCI DSS) 4.0 is on the horizon. More details are expected late 2020 with the requirements to be in use in mid-2021. There have been a few releases from the PCI Council on what to expect in the new version of the digital security standard:

Added flexibility. As of PCI DSS 3.2.1 (and earlier) you had to meet a control as prescribed or provide a compensating control, and the compensating control had to go above and beyond the PCI DSS requirements. It is expected that PCI DSS 4.0 will provide for customized implementations that do not match the prescribed control exactly but ‘meet the intent’ of the control.

Authentication changes. The Council has indicated through its work with Europay its desire to incorporate NIST MFA and password guidance. This should allow for fewer password changes and less complexity if the password is also secured with a second factor such as an app or smart card.

Monitoring. More risk-based than detailed prescription. This should allow for quicker adoption of new technology in the threat detection arena: if the risk is mitigated by the technology, then its adoption should not be hampered.

More continuous testing. In PCI DSS 3 we saw the beginnings of this. As technologies have advanced, continuous vulnerability scanning and penetration testing, as well as other testing controls, have become possible, so why limit them to once a quarter or twice a year? The more promptly and regularly the testing data can be acted on, the better.

Trusted networks. It has been assumed the PCI network was secure or trusted and others were untrusted. Expect to see more ‘zero trust’ ideas even in the trusted PCI zone.

PCI DSS 4.0 is looking like a welcome change.

Tracy Fox