What is the New PCI Data Security Standard?
PCI DSS v4.0 replaces PCI DSS version 3.2.1 to better address emerging threats and technologies and to provide innovative ways to combat new threats. See our ‘At A Glance’ presentation for more detail.
Version 4.0 incorporates more than 6,000 pieces of feedback provided by over 200 businesses over the past 3 years.
This invaluable feedback will help ensure that the global standard remains useful and relevant in today’s complex and rapidly changing payment security landscape. Several changes have occurred recently in the payments industry, including a surge in online purchases, point-of-sale (POS) devices, and cardholder data being stored on cloud platforms.
What We Do
We will help you to make your PCI V4.0 transition frictionless
At Gradeon we help our clients understand how to transition to the new PCI v4 Standard. The best approach any organisation can make at this stage is to perform a gap analysis.
Our PCI Validation support service provides a buffer between your business and IT teams, acquirers, payment gateways and auditors. We assist at every step and do the heavy lifting while you run your business. We work with many of the leading brands and PCI SSC.
Our PCI Validation Service is a flexible packaged service. It starts with an initial discovery to determine the support each customer needs, from a one-off gap analysis to initial assessments, design, remediation, final certification, ongoing support and annual re-validations. Our PCI Validation Service caters for businesses of all sizes and status. Talk to a Gradeon representative for further details.
Be prepared: starting the process now will put your organisation in a more informed position about how you can transition to the new standard.
What’s New in PCI DSS v4.0?
The most significant change between PCI DSS versions 3.2.1 and 4.0 is the introduction of the Customised Approach concept.
In the traditional approach (now called the “Defined Approach”), the entity implemented the established technical controls as they appeared in the standard. In the Customised Approach, the entity can select the control it considers best suited to its environment to manage the related risk, which offers greater flexibility and adaptation to emerging solutions.
Thus, in PCI DSS v4.0, an entity can choose to use either the Defined Approach or the Customised Approach depending on its needs.