Blog
Delap advisors can help you achieve your business goals. Learn How
Delap advisors can help you achieve your business goals. Learn How
The payment security landscape is ever evolving. We are on the brink of a significant shift in the Payment Card Industry Data Security Standard (PCI DSS). Are you prepared for the forthcoming PCI DSS v4.0?
The Payment Card Industry Data Security Standard (PCI DSS) serves as a benchmark for organizations that handle cardholder data. It's a robust framework designed to ensure the security of card transactions and protect cardholder data against threats. As technology and cyber attackers evolve, so too must our standards. And that's where PCI DSS version 4.0 comes into play.
PCI DSS v4.0 promises to usher in substantial changes, building upon the foundation laid by PCI DSS v3.2.1. These changes come with their own set of challenges — and opportunities. Are you ready to navigate them?
Enter the expertise of Delap. We're not just another CPA firm; we also specialize in cybersecurity. As a Qualified Security Assessor (QSA) Company, we pride ourselves on being ahead of the game, already qualified to assess against the v4.0 standard.
We'd like to help you prepare for the transition to PCI DSS v4.0 through this blog series.
We aim to offer you insights rooted in deep expertise and a history of excellence, whether you're in business management, IT leadership, or directly involved in PCI DSS implementation.
With the retirement of v3.2.1 set for March 31, 2024, the clock is ticking. You must be ready to assess against v4.0 starting April 1, 2024. That's just a couple of quarters away, and some of the changes to the DSS are substantial.
So, what are some of those changes and what will we cover in this blog series? Here's a snapshot of what to anticipate:
This is a brand-new concept in the standard. No longer are you limited to the PCI Security Standards Council's prescriptive approach (now known as the Defined Approach). For the Customized Approach, you must still meet the intent of the requirement but with your own methods or tools. Using the Customized Approach involves significant work that must be done by the merchant or service provider.
Are you deciding between the Customized Approach and the Defined Approach? In the majority of cases, the Defined Approach will be a better fit, and we'll help guide you through that decision.
PCI DSS v4.0 brings a whole suite of fresh requirements — 53 for merchants and 11 for service providers. That's a lot.
Of the new requirements, 13 will need to be in place by March 31, 2024, while 51 have a deadline of being in place by March 31, 2025.
In our blog series, we'll delve deep into the types of evidence that QSAs will need to see for the more complicated new requirements.
Our exploration won't stop there. Here's what else is on the agenda of our PCI DSS v4.0 blog series:
As you can see, we've got plenty to share with you. Our commitment is to help make your transition to v4.0 a little easier. Should you find yourself with questions or in need of strategic insights, just give us a call at 503-697-4118 and ask for Spencer, David, or Debra, or reach out online.
March 31, 2024, is coming.