PCI Council Unveils New Payment Security Requirements in Update

PCI Council Unveils New Payment Security Requirements in Update

April 14, 2022

The PCI Security Standards Council (PCI SSC) recently announced the release of version 4.0 of the PCI Data Security Standard (PCI DSS). The standard is a baseline level of network security for businesses that accept card payments, including e-commerce merchants. The new version replaces PCI DSS 3.2.1, which will remain active until March 31, 2024, to give merchants time to understand and implement changes.

Merchants can refer to the PCI DSS v4.0 Summary of Changes document for a comprehensive understanding of the requirements of the new version. In addition to more ways for organizations to demonstrate how they are achieving security objectives and updated firewall terminology, the new version also has stronger requirements around the use of multi-factor authentication (MFA). Strong Customer Authentication rules that were part of PSD2 in Europe, which included MFA, experienced significant delays in implementation in the U.K., but eventually came into force.

The PCI SSC hopes that will not be the case here, with plenty of lead time and industry participation in the development and rollout of version 4.0.

“The industry has had unprecedented visibility into, and impact on the development of PCI DSS v4.0,” said Lance Johnson, executive director of PCI SSC. “Our stakeholders provided substantial, insightful, and diverse input that helped the Council effectively advance the development of this version of the PCI Data Security Standard.”

Previous-Article-CNP  Next-Article-CNP

Register Today


  • Share this Article:
DJ Murphy

Lastest Fraud News