What’s new in v4.0?
Essentially, the 12 core requirements of the PCI DSS haven’t changed; rather, they have evolved to take into account advancements in security technology, risk mitigation techniques, and evolving threats. The changes strengthen security control requirements while at the same time adding flexibility to achieve compliance. This can be broken down into four key areas:
- Continue to meet the security needs of the payments industry.
- Promote security as a continuous process.
- Increase flexibility for organizations using different methods to achieve security objectives.
- Enhance validation methods and procedures.
What is PCI DSS v4.0?
PCI DSS v4.0 is the latest version of the Payment Card Industry Data Security Standard and was released on March 31st, 2022.
How will my project be delivered?
We follow a structured project delivery process that we’ve designed using PRINCE2 and PRINCE2 Agile methodology and then moulded from our own experience. We use ‘collaborative working’ project management tools where we can, and we’re happy for our PMs to use your own project management software if you prefer.
How does Agent Assist work?
Our Agent Assist solution is very easy to understand from a user perspective. When the point of payment is reached in the call, the agent secures the line. PCI Pal’s secure cloud then captures all sensitive credit card details as they are either spoken or entered via the customer’s telephone keypad, without the agent hearing or seeing them, and they are instantaneously sent to the payment provider for processing. Crucially, the voice path between the customer and agent remains open nearly all the time while this happens, so they can communicate should there be a problem. Watch the short video on our Agent Assist solution page to find out more.
What does PCI DSS v4.0 say about compensating controls?
Previous versions of the PCI DSS were very specific in that they required the use of compensating controls where the 12 PCI DSS requirements could not be met. The latest version allows for more flexibility around adopting new technologies or security solutions to achieve compliance in place of compensating controls.
What if I’m not PCI DSS v4.0 compliant?
PCI DSS v3.2.1 will remain active until 31st March 2024. This provides organizations time to become familiar with the new version, and plan for and implement the changes needed. Our PCI DSS v4.0 timeline provides a useful guide on key milestones you need to be aware of.
How long will it take to deliver my project?
Delivery of your project is dependent on the solutions you have chosen and your specific requirements. We have delivered previous projects in as little as 4-6 weeks. We will always endeavor to deliver your project successfully and on time.
How does PCI Pal integrate with my payment provider?
The simple answer is… with ease! Fortunately, the majority of payment providers have modern APIs that we’re able to integrate with our secure cloud services. Additionally, payment providers are usually PCI compliant, so we have no issue integrating our secure cloud with their services. Payments made via PCI Pal are processed by the provider at the same speed as (or quicker than) you would find using their virtual terminals directly. But we don’t get too involved; we just do our job of securing your customers’ data and all your other systems can behave as normal.