PCI DSS 4.0: Evolution of a Standard
The Payment Card Industry Data Security Standard (PCI DSS) has undergone its most significant update in years with version 4.0. It aims to address emerging threats and technologies.
Key Changes
- Customized Approach: Unlike the rigid checklists of the past, 4.0 allows organizations to implement alternative security controls if they meet the intent of the requirement. This is great for innovative tech stacks.
- Authentication: Stricter multi-factor authentication (MFA) requirements for all access to the Cardholder Data Environment (CDE).
- Phishing: New requirements to implement automated mechanisms to detect and protect against phishing attacks.
- e-Commerce: New controls for client-side scripts (to prevent Magecart-style attacks) on payment pages.
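The client-side script control above (in 4.0 it is spelled out as a script inventory with integrity verification and tamper detection on payment pages), as an added example that is not code from the page or from the PCI SSC: a Python audit that parses the script tags of a payment page, compares each against an approved inventory of Subresource Integrity hashes, and flags inline scripts, unlisted sources, missing or wrong integrity attributes, and served content that no longer matches. The page HTML, script bodies, URLs and the fetch callable are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> tag in document order."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src"), a.get("integrity")))

def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Subresource Integrity value for a script body: '<algo>-<base64 digest>'."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, content).digest()).decode()}"

def audit_payment_page(html: str, inventory: dict, fetch) -> list:
    """inventory: authorized script URL -> expected SRI hash; fetch(src) -> bytes
    currently served. Returns (finding, src) tuples, one per offending script."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        if src is None:
            findings.append(("inline-script", None))  # cannot be pinned by SRI
        elif src not in inventory:
            findings.append(("unauthorized", src))  # not on the approved list
        elif integrity != inventory[src]:
            findings.append(("missing-or-wrong-integrity", src))
        elif sri_hash(fetch(src)) != inventory[src]:
            findings.append(("tampered", src))  # served bytes no longer match
    return findings

# Constructed sample: hypothetical URLs and script bodies, not from any real site.
APPROVED_JS = b"window.checkout = function () { /* tokenize card fields */ };"
MODIFIED_JS = APPROVED_JS + b" window.extra = 1;"
INVENTORY = {"/static/checkout.js": sri_hash(APPROVED_JS)}
SAMPLE_PAGE = (
    f'<html><body><script src="/static/checkout.js" integrity="{INVENTORY["/static/checkout.js"]}">'
    '</script><script src="https://cdn.example.net/widget.js"></script>'
    '<script>console.log("inline")</script></body></html>'
)
SERVED_CLEAN = {"/static/checkout.js": APPROVED_JS, "https://cdn.example.net/widget.js": b""}
SERVED_MODIFIED = {**SERVED_CLEAN, "/static/checkout.js": MODIFIED_JS}
```

Running `audit_payment_page(SAMPLE_PAGE, INVENTORY, SERVED_MODIFIED.__getitem__)` reports the altered checkout script together with the unlisted CDN script and the inline block; a real deployment would fetch the page and its scripts on a schedule and alert on any non-empty result.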
Timeline
Although v4.0 has been released, v3.2.1 remains active for a transition period. However, the future-dated requirements become mandatory soon after that period ends, so don't wait until the last minute to start assessing the gaps.