As the PCI Security Standards Council continues to receive feedback from industry representatives and stakeholders on PCI DSS v4.0, the new target date for completion of the standard is Q1 2022. Training of QSAs will follow during the remainder of 2022. There will still be ample time to transition to v4.0, with the sunset period for v3.2.1 likely to be 18-24 months.
The key initiatives, covered in our original post from the PCI Security Standards Council’s North America Meeting, are still in play as the Council’s objectives with v4.0 are to:
- Continue to provide the critical foundation for securing payment data in a rapidly evolving ecosystem.
- Promote security as a continuous process.
- Improve flexibility for organizations using a broad range of methods and technologies to achieve PCI DSS security objectives.
The PCI specialists at Frazier & Deeter will continue to monitor the progress on PCI DSS v4.0 as we move toward the new standard.
Mindy Milliet CISA, QSA, CISM, PCIP is a certified PCI Qualified Security Assessor and the leader of Frazier & Deeter’s PCI practice. Mindy has over 20 years of experience in internal audit, IT audit, and data security. With her extensive SOX, internal audit and security audit experience, Mindy works with clients across a wide range of industries with a focus on financial services, restaurants, hospitality, manufacturing, distribution, healthcare and traditional and eCommerce retail.
Derrick Rice CISSP, CISA, CCSK, QSA is a Director in Frazier & Deeter’s Process, Risk & Governance Practice, where he focuses on information and technology systems management, design, security and support. Derrick provides subject matter expertise and manages the delivery of various security assessments, including PCI, HITRUST and HIPAA.
Jessie Sandell CISA is a Manager in the Process, Risk & Governance Practice. She specializes in information technology internal audits, SOC reports and payment card industry (PCI) compliance. Jessie has a technical background in computer information systems with expertise in audit, compliance, control and security areas.
Matt Bonfre CISA, CCSK is a Senior Associate in the Process, Risk & Governance Practice, where he has experience in industries ranging from retail and healthcare to technology and financial services. Matthew performs internal control assessments including SOC 1, SOC 2, PCI, HITRUST and SOX for both IT and business processes.