What’s new in v4.0?
Essentially, the 12 core requirements of the PCI DSS haven’t changed; rather, they have evolved to take into account advancements in security technology, risk mitigation techniques, and evolving threats. The changes strengthen security control requirements while at the same time adding flexibility in how compliance is achieved. This can be broken down into four key areas:
- Continue to meet the security needs of the payments industry.
- Promote security as a continuous process.
- Increase flexibility for organisations using different methods to achieve security objectives.
- Enhance validation methods and procedures.
What is PCI DSS v4.0?
PCI DSS v4.0 is the latest version of the Payment Card Industry Data Security Standard and was released on 31st March 2022.
How will my project be delivered?
We follow a structured project delivery process that we’ve designed using the PRINCE2 and PRINCE2 Agile methodologies and then moulded from our own experience. We use ‘collaborative working’ project management tools where we can, and we’re happy for our PMs to use your own project management software if you prefer.
How does Agent Assist work?
Our Agent Assist solution is very easy to understand from a user perspective. When the point of payment is reached in the call, the agent secures the line. PCI Pal’s secure cloud then captures all sensitive credit card details as they are either spoken or entered via the customer’s telephone keypad, without the agent hearing or seeing them, and they are instantaneously sent to the payment provider for processing. Crucially, the voice path between the customer and agent remains open nearly all the time while this happens, so they can communicate should there be a problem. Watch the short video on our Agent Assist solution page to find out more.
What does PCI DSS v4.0 say about compensating controls?
Previous versions of the PCI DSS were very specific in that they required the use of compensating controls wherever any of the 12 PCI DSS requirements could not be met. The latest version allows more flexibility around adopting new technologies or security solutions to achieve compliance in place of compensating controls.
What if I’m not PCI DSS v4.0 compliant?
PCI DSS v3.2.1 will remain active until 31st March 2024. This gives organisations time to become familiar with the new version, and to plan for and implement the changes needed. Our PCI DSS v4.0 timeline provides a useful guide to the key milestones you need to be aware of.
What does PCI DSS v4.0 say about compliance and the cloud?
The core controls of previous versions were not designed for present-day IT environments. v4.0 introduces updated sets of requirements and approaches for securing cloud and serverless workloads. For example, requirement 1 used to be ‘build and maintain a secure firewall’. To incorporate cloud solutions, this is now ‘Build and Maintain a Secure Network and Systems’.
How long will it take to deliver my project?
Delivery of your project depends on the solutions you have chosen and your specific requirements. We have delivered previous projects in as little as 4-6 weeks. We will always endeavour to deliver your project successfully and on time.