Cybersecurity

Are you ready for PCI DSS 4.0?

In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS).

About PCI DSS

PCI DSS comprises 12 requirements to protect payment card data and has changed very little in the last ten years. But following three years of consultation, it has now undergone a substantial overhaul.

The latest version – 4.0 – was released in March 2022 and currently co-exists with version 3.2.1. It features 63 changes, 13 of which become mandatory in April 2024 when v3.2.1 is retired, with organizations required to fully comply with all the changes by March 2025.

V4.0 places much more emphasis on putting in place processes that are maintained as part of the business-as-usual culture, rather than with the objective of passing an annual assessment, according to the Verizon 2022 Payment Security Report. But what do the new requirements mean in practice and how can businesses begin to make the transition?

Adapting to new technology

PCI DSS 4.0 features four major changes:

The terminology has been updated with respect to network security controls to support a broader range of technologies that can be used to meet the security objectives traditionally met by firewalls

This reflects a move away from traditional server-based and parameterized networks towards distributed architectures, such as cloud and serverless technologies as well as zero trust network architecture (ZTNA) and sees the standard seek to accommodate the control mechanisms specific these new environments, supporting payments via mobile and the IoT, for instance. That said, the standard has always gone to great pains to remain technology neutral, so the aim here is to be all-encompassing while moving with the times.

Source

Veille-cyber

Share
Published by
Veille-cyber

Recent Posts

Sécurité des mots de passe : bonnes pratiques pour éviter les failles

Sécurité des mots de passe : bonnes pratiques pour éviter les failles La sécurité des…

1 semaine ago

Ransomware : comment prévenir et réagir face à une attaque

Ransomware : comment prévenir et réagir face à une attaque Le ransomware est l’une des…

1 semaine ago

Cybersécurité et e-commerce : protéger vos clients et vos ventes

Cybersécurité et e-commerce : protéger vos clients et vos ventes En 2025, les sites e-commerce…

2 semaines ago

Les ransomwares : comprendre et se défendre contre cette menace

Les ransomwares : comprendre et se défendre contre cette menace En 2025, les ransomwares représentent…

2 semaines ago

RGPD et cybersécurité : comment rester conforme en 2025

RGPD et cybersécurité : comment rester conforme en 2025 Depuis sa mise en application en…

2 semaines ago

VPN : un outil indispensable pour protéger vos données

VPN : un outil indispensable pour protéger vos données Le VPN, ou « Virtual Private…

2 semaines ago

This website uses cookies.