PCI DSS 4.0
Description
What's in this article?
The Payment Card Industry Security Standards Council (PCI SSC) continuously upgrades it various standards to keep up with new technology, the changing threat landscape, and evolving payment environments. One of their standards is the Data Security Standard (DSS) that all merchants and service providers must adhere to. The changes in version 4.0 were designed to:
- Keep up with the evolving security needs of the payment card industry
- Add more flexibility and methodologies for achieving security
- Promote security as a continuous process
- Enhance validation methods and procedures
If you would like to read more detail about what the changes include, you can review the Summary of Changes document from the PCI Council.
How will this affect you?
The impact of the PCI DSS 4.0 changes will depend on the volume of your card transactions per year (not your dollar volume).
| Card transaction volume per year | Impact |
|---|---|
| Less than 1 million | You won’t notice much difference. Our solutions mostly use newer technologies that help protect card data and reduce the overall PCI scope, like Validated Point to Point Encryption. |
| Over 1 million | Reach out to your Merchant Portfolio Officer or dedicated Merchant PCI Analyst for any questions and details. |
What to expect
When you are ready to start or renew your PCI compliance in 2024, the PCI Assist portal will take you through the process. The new version will go into effect in February 2024.
NOTE
If you are in process with a Self-Assessment Questionnaire when we update from version 3.2.1 to 4.0, then you will be notified and given a few days to complete your SAQ. If you do not, then the next time you sign in, you will have to go through the Profile process again and start over with the SAQ.