The PCI Security Standards Council (PCI SSC), a global payment security forum, published version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS v4.0 replaces version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats. The updated standard and Summary of Changes document are available now on the PCI SSC website.
Also Read:JFrog Partners with Softline India to Accelerate DevOps and DevSecOps Adoption
To provide organizations time to understand the changes in version 4.0 and implement any updates needed, the current version of PCI DSS, v3.2.1, will remain active for two years until it is retired on 31 March 2024. Once assessors have completed training in PCI DSS v4.0, organizations may assess to either PCI DSS v4.0 or PCI DSS v3.2.1. The standard also provides additional time for organizations to implement many of the new requirements. More information on the implementation timeline can be found on the PCI Perspectives Blog.
Feedback from the global payments industry drove changes to the standard. Over the course of three years, more than 200 organizations provided over 6,000 items of feedback to ensure the standard continues to meet the complex, ever-changing landscape of payment security.
“The industry has had unprecedented visibility into, and impact on the development of PCI DSS v4.0,” says Lance Johnson, Executive Director of PCI SSC. “Our stakeholders provided substantial, insightful, and diverse input that helped the Council effectively advance the development of this version of the PCI Data Security Standard.”
Updates to the standard focus on meeting the evolving security needs of the payments industry, promoting security as a continuous process, increasing flexibility for organizations using different methods to achieve security objectives, and enhancing validation methods and procedures.