The time has finally come! After 6,000+ items of feedback received from 200+ companies, the PCI Security Standards Council has published its long-awaited update to the Data Security Standard. Version 4.0 replaces version 3.2.1 to address emerging threats and technologies that impact a rapidly evolving payments landscape. As the Council considered what changes were needed, it identified four main goals, which became the driving force behind the numerous changes made in the Standard:
- Continue to meet the security needs of the payments industry
- Promote security as a continuous process
- Increase flexibility for organizations using different methods to achieve security objectives
- Enhance validation methods and procedures
Additionally, the Council has outlined the following timeline that details how the transition from v3.2.1 to v4.0 will occur over the upcoming years:
Preparation for and implementation of v4.0 by stakeholders will extend through 2023, with the retirement of v3.2.1, and therefore the transition to the new standard, occurring at the end of Q1 2024.
You can find the latest PCI v4.0 resources on the PCI Security Standards website, including the following:
- PCI DSS Summary of Changes from v3.2.1 to v4.0
- A first look at PCI DSS v4.0 video from the Council representatives
- PCI DSS v4.0 at a glance – overview documentation
- A preview into PCI DSS v4.0 and the transition training podcast
Need help getting ready to comply with the DSS v4.0? FD is here to help get you familiarized and prepared for these changes!