In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since its last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online payments. At the same time, cybercriminals have adopted increasingly sophisticated methods, capitalizing on global instability to compromise individuals and organizations alike.

These ongoing shifts have made online payments and the digital infrastructure around them an important target, prompting the latest update in PCI DSS requirements. According to the PCI Security Standards Council, the overarching goals of the updates are to continue to meet the security needs of the payment industry, promote security as a continuous and evolving process, add flexibility for different security methodologies, and enhance validation methods.

All organizations that process or store cardholder data are now responsible for meeting the new requirements, and they have until March 2024 to do so. And while that may sound like the distant future, making these changes will require significant time and effort. There’s no better time to start than now.

With that in mind, we’ve put together a five-step checklist to help you transition to meet PCI DSS v4.0, and we’ve shared some of the highlights below.

Five Steps to Ensuring Continuous Compliance with PCI DSS

As you get ready to make the transition, it’s important to remember that PCI compliance — both with these new updates and in the future — isn’t a one-time effort. Continuous compliance with any cybersecurity standards is an important part of maintaining a strong security posture, and that requires being aware of new and updated standards, implementing best practices on an ongoing basis, and being thoughtful