
Updated Regulation for PCI DSSv4.0

What is PCI DSS?

The PCI Security Standards Council (PCI SSC) serves as a worldwide platform where stakeholders in the payments industry collaborate to establish and promote data security standards and resources, ensuring secure payments on a global scale. Their updated regulations for PCI DSSv4.0 allow for a flexible approach to meet the standard requirements with the introduction of a “Customized Approach” in addition to the “Defined Approach”. Note: the “Customized Approach” is only recommended for entities with a robust security program and risk management practices.

Approaches to PCI DSSv4.0

What are the drivers behind the update?

  • Ensure the standard meets the security needs of the Payment Card Industry (PCI)
  • Add flexibility to support different methodologies to achieve security
  • Promote security as a continuous process
  • Enhance validation methods and procedures

When will the updated regulation for PCI DSSv4.0 go into effect?

  • Existing PCI DSSv3.2.1 will remain active for 2 years (through March 31, 2024).
  • New PCI DSSv4.0 requirements will go into effect March 31, 2022, and either version can be used until March 31, 2024.
  • After March 31, 2024, the updated regulation for PCI DSSv4.0 will be required.

What do I need to do?

  • Review the updated requirements of PCI DSS (Link).
  • Determine whether the Defined Approach or Customized Approach is best for your organization, and consult with your Assessor if the Customized Approach is the preferred validation approach.
  • Define an implementation plan for the updated requirements.
  • Determine when the assessment will become effective for your organization (prior to March 21, 2024).

Process for PCI DSSv4.0

How can Socium Security help?

Socium can assist entities that are designing their security programs for PCI DSS compliance with services for completing the Self-Assessment Questionnaire (SAQ) and with penetration testing of in-scope systems.

How can I learn more?

Refer to the PCI DSSv4.0 Resource Hub for information, documentation, and updated news regarding v4.0.

Overview of PCI DSSv4.0