The Payment Card Industry Security Standards Council implemented version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS) on March 31, 2024. The previous version (3.2.1) is now retired and cannot be used. The update is designed to improve security for payment card transactions, safeguard sensitive information, maintain trust in electronic payments, and reduce the likelihood of a data breach.
In our previous Insight articles, we've delved deeply into the nuanced adjustments embedded within this latest version. We carefully examined each part of the update, from big changes to small details in the Self-Assessment Questionnaire (SAQ). Our objective? To give you detailed information and analysis, helping you understand the changes and their effects on PCI compliance.
Your organization can still check if it follows payment card industry data security standards and make any needed updates. With the rollout of the latest standards, there are new requirements mandated to be in place by March 31, 2024. There are also new rules that must be followed by March 31, 2025, according to the PCI Security Standards Council. These updates necessitate a proactive approach to ensure alignment and adherence to the evolving PCI DSS.
Ensuring compliance with the PCI DSS v4.0 requirements is a critical undertaking for your organization to remain PCI compliant. This means creating a plan for the new standards, checking for any problems, and fixing them quickly. Additionally, maintaining up-to-date documentation is paramount to support ongoing PCI compliance efforts. Key documentation includes:
Several PCI Compliance updates and changes that organizations should be aware of include:
The requirements in version 4.0 of the compliance framework extend beyond the full PCI DSS Report on Compliance (RoC). These additional requirements also change the Self-Assessment Questionnaires (SAQs). To comply with the updated standards, a thorough understanding of the scope of the environment and new requirements is necessary.
If you have any inquiries regarding the content of this article or seek guidance on assessing your organization's credit card compliance, please don't hesitate to reach out to RubinBrown. We're here to provide assistance and support in navigating the intricacies of PCI DSS compliance.
Published: 04/02/2024