The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for those who want to phase in the new standard.
PCI DSS 4.0 couldn’t have come at a more opportune time, particularly as the global pandemic forces more individuals into online purchasing—from shopping and entertainment to healthcare and hospitality. With PCI 4.0 compliance mandated by 2025, it is critical to understand now what it will mean for client-side security, so businesses can begin the implementation process.
Whether you’re a startup, an e-commerce company, or a large corporation, as long as you handle credit card transactions, you need to be aware of and comply with the Payment Card Industry Data Security Standard (PCI DSS). As online commerce and online payment technology continue to grow, they need to be accompanied by new rules and regulations to make sure that both the business and the customers are safe and secure.
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by version 4.0 of the PCI DSS standard.
The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be updated to address those changes. The most recent update to the PCI DSS was in 2018, and the world has certainly changed since then.
Organizations must enact effective third-party risk management (TPRM) programs to ensure their vendors fulfill cybersecurity requirements. Otherwise, they risk carrying the financial and reputational harm caused by customer data breaches. The PCI DSS standard covers aspects of third-party risk management as it's applicable to all organizations that process credit card data, especially the heavily regulated finance industry.