It’s time to start thinking about PCI DSS 4.0. The latest version was released on March 31, 2022, but sites have until March 31, 2024, to learn and implement the new standard. The Payment Card Industry Data Security Standard (PCI DSS) exists to improve the security of payment card data by establishing a baseline of technical and operational requirements that keep sensitive account data secure. Version 4.0 was developed to better address emerging security threats, clarify guidance, and allow more customized security solutions.
Examples of PCI DSS 4.0 Requirements
- Encrypt sensitive authentication data (SAD) that is stored electronically prior to completion of authorization.
- Maintain an inventory of trusted keys and certificates.
- Define the frequency of periodic malware scans in the entity’s targeted risk analysis.
- Provide a malware solution for removable electronic data.
- Detect and protect personnel against phishing attacks.
- Increase the minimum password length to 12 characters and implement multi-factor authentication for all access into the cardholder data environment (CDE).
The full list of PCI DSS 4.0 requirements is available online, as is a summary of changes from version 3.2.1 to 4.0. BizLink also provides additional PCI information and FAQs.
We all saw how fast 2022 flew by, and rumor has it that 2023 will pass us by even quicker. Make sure you begin to formulate and execute a plan for how to keep your site(s) in compliance.