On March 31, 2022, the PCI Security Standards Council launched the eagerly awaited PCI DSS v4.0, marking a significant leap in the ongoing development of security standards safeguarding payment card data. This latest version, the result of three years of extensive collaboration and feedback from hundreds of organizations contributing thousands of insights, stands as the most substantial overhaul of these standards since their inception nearly twenty years ago.
The revised PCI DSS v4.0 lays down a comprehensive framework of technical and procedural safeguards required for the secure handling of account data by any party involved in processing, storing, or transmitting cardholder details. It underscores the universal applicability of these standards to any businesses that engage in credit card transactions or play a role in facilitating them.
This update is a response to the dynamic shifts witnessed in the domain of digital payments, accelerated by the global pandemic’s push towards online transactions and advanced point-of-sale systems. It also addresses the progressive use of cloud technologies for data storage and the sophisticated tactics employed by cyber adversaries targeting the payment sector.
Core Enhancements and Goals of PCI DSS V4.0:
- Emphasis on Sustained Security Measures: A pivotal adjustment in v4.0 is its approach towards establishing ongoing security evaluations, moving beyond the once-per-annum snapshot model.
- Updated Validation Techniques: With an update to the authentication requirements, the new standard now insists on passwords that are at least 12 characters long, integrating a mix of numeric and alphabetical characters, and necessitates the implementation of multi-factor authentication for all users accessing cardholder data environments.
- Customized Control Mechanisms: One of the significant introductions in v4.0 is the provision for organizations to devise their control measures aimed at fulfilling the standard’s requirements. This grants them the latitude to incorporate innovative technologies or methodologies. To support this adaptability, the standard has been updated to offer more flexible requirements, alongside intent statements that cater to the evolving landscape of digital payment threats.
- Enhanced Protection and Detection Requirements: Significant updates have been made to the security measures that even the smallest merchants must implement to safeguard their payment pages from being compromised. With PCI DSS v4.0, the responsibility is shared between the merchant and the processor/gateway. This also applies to merchants completing Self-Assessment Questionnaire A (SAQ A) and above. .
For a complete list of changes go to the PCI Security Standards Council
Transition Plan and Compliance Strategy:
Despite the official release of PCI DSS v4.0, its predecessor, version 3.2.1, remained operational until March 2024. Effective April 1, 2024, all merchants must adhere to PCI V4.0, although some requirements do not become mandatory till March 31, 2025.If they have not already done so, it’s imperative that businesses and organizations revise their compliance and the implementation of the new requirements.
Organizations that are already compliant with v3.2.1 had a deadline of March 31, 2024, to align with v4.0 standards. This underscores the necessity for firms not yet compliant to bypass the previous version and direct their efforts towards adhering to v4.0 standards without delay.
Datatel is at the forefront, ready to assist your organization in navigating the transition towards PCI DSS v4.0 compliance efficiently. Our suite of compliant solutions is tailored for both telephone (IVR Payments) and online payment modalities. Leveraging Datatel’s offerings can significantly streamline the path to achieving and sustaining PCI compliance.
We invite you to explore how Datatel can enhance your compliance journey through a personalized demonstration, ensuring your readiness for the PCI DSS v4.0 compliance landscape.
We’re Here to Help
Call 1 800 831 6660 or
What our clients are saying about us
“Never any issues with you guys! Things just work.”
“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”
“We’re happy with the IVR Payment system and it has been working well for us. Recently we also setup your newest SMS (text) receipts and found it to work great.”
“I want to command you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”
“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”
“Great team to work with. I look forward to utilizing some additional capabilities in the future.”
“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”
“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”
“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”