Customer expectations for payment experiences have evolved over time to become what is standard today – simple, fast, and secure. On the other hand, those tasked with generating revenue and maintaining compliance expect reconciliation, reporting, and applications to be secure, accurate, and modern. Despite information security and regulatory compliance leading payer and stakeholder trust requirements in the full-cycle payment process, cyber criminals seek to exploit security weaknesses every chance they get. Like a united squad of superheroes, organizations across the globe have joined forces to create the Payment Card Industry Security Standards Council (PCI SSC), a global forum of more than 800 participating payments industry organizations. Their mission? Develop effective data security standards (DSS) and drive their adoption for safe payment transactions in the worldwide marketplace.
Earlier this month, the PCI SSC published their revised Summary of Changes from PCI DSS Version 3.2.1 to 4.0. Sounds heady, right? According to the Council’s document, PCI DSS v4.0 “furthers the protection of payment data with new controls to address sophisticated cyber attacks.” It aims to achieve four goals:
- Continue to meet the payment industry’s security needs — updated requirements for passwords, multi-factor authentication, and e-commerce
- Promote security as a continuous process — clearer transparency into requirement roles and security weaknesses
- Add flexibility for different methodologies (translation: allow for innovation) — custom PCI DSS requirements implementation and validation
- Enhance validation methods — tighter information alignment between compliance and attestation reports
Looking for some more details? Visit their website and stay tuned as we share.
