PCI SSC Council has published a new version of the security standard for payment cards

Source: https://cobaltstrike.net/2022/04/04/pci-ssc-council-has-published-a-new-version-of-the-security-standard-for-payment-cards/



The PCI Security Standards Council (PCI SSC) has published a new version of the PCI Data Security Standard (PCI DSS).

The 4.0 version of the standard offers a basic level of operational and technical needs designed to improve the security of payments, and replaces version 3.2.1. In addition, the new version is designed to use innovative methods to combat new threats.

As explained by PCI SCC specialists, the changes were made based on the feedback and wishes of the global payment system industry over the past three years.

Recent changes in PCI DSS 4.0 include:

“Extended Requirements 8” (Expansion of Requirement 8), requiring the use of multi-factor authentication to access cardholder data;

Updated firewall terminology for network security controls, supporting a wider range of technologies used to perform security tasks that were previously performed by firewalls;

Increased flexibility for businesses to demonstrate the use of various security techniques;

Targeted threat analysis, which allows organizations to decide how often they will perform certain actions that are most appropriate to eliminate the risks and needs of the organization.

The current version of the standard 3.2.1 will be valid online for two years until March 31, 2024. This way organizations will have enough time to study and implement version 4.0.

Start a discussion …