
Understanding New PCI DSS v4.0 [New Compliance Measures]


Brush up on the new era of PCI DSS v4.0 because compliance is necessary for every business

As a business that accepts card payments for your products and services, you need to be aware of PCI compliance and what it entails. We bring you the latest updates all in one place so that you don’t have to go digging for information by yourself. Let’s explore the newest evolution of PCI compliance together – PCI DSS v4.0! 

Your business has been accepting card payments, but are you aware of Payment Card Industry (PCI) compliance?  

In short, PCI compliance refers to a set of standards that a business must follow for protecting customers’ card information acquired during card transactions. PCI compliance sets global standards for a baseline of security requirements for businesses to follow. These standards are designed to protect customer data, and they are set and regulated by the PCI Security Standards Council. We have a whole guide on PCI compliance!

In this article, we will discuss the latest evolution of compliance, PCI DSS v4.0, which is the updated version of requirements. In addition, we’ll cover some updates our own customers can expect to see. Here’s what to know about PCI compliance in 2023 and 2024.  

New version, new terms

Transitioning to the new PCI DSS v4.0 version will bring forth a few security changes.  

One change is requiring multi-factor authentication for all accounts that have access to cardholder information. This ensures a higher level of security: research has found that multi-factor authentication prevents almost 100% of bulk phishing and targeted attacks.

Another change is stronger encryption requirements for all cardholder data transmissions.

PCI DSS v4.0 compliance goals

There are 6 main goals for compliance with PCI DSS v4.0. All of the requirements can be lumped into one of these key objectives. Take a look: 

  1. Building and maintaining a secure network and systems 
  2. Protecting customers’ card data
  3. Maintaining a vulnerability management program
  4. Restricting access to cardholder data
  5. Regularly monitoring and testing security systems
  6. Maintaining a policy that upholds information security

The PCI DSS must continue to evolve as time goes by. It is in your best interest to keep up with these upgrades. Updates might include different language options and upgrades to the list of requirements. Keep up with these security updates to best serve your customers and maintain the integrity of your business. 

Comparison of the 12 requirements in PCI DSS v3.2.1 and PCI DSS v4.0

We get it, change can be scary. However, change is often for something better. At least when it comes to PCI compliance updates, change is a good thing. It helps you protect your customers’ data along with your business.  

We recommend familiarizing yourself with PCI DSS v4.0 to ensure a smooth transition from the previous PCI DSS v3.2.1. 

See the full list of PCI DSS requirements. The security requirement changes that come with the new v4.0 are expanded upon here:  

PCI DSS v3.2.1 | PCI DSS v4.0 | Category
1. Install and maintain a firewall configuration to protect cardholder data. | 1. Install and maintain network security controls. | Build and maintain a secure network and systems.
2. Do not use vendor-supplied defaults for system passwords and other security parameters. | 2. Apply secure configurations to all system components. | Build and maintain a secure network and systems.
3. Protect stored data. | 3. Protect stored account data. | Protect cardholder data.
4. Encrypt transmission of cardholder data across open, public networks. | 4. Protect cardholder data with strong cryptography during transmission over open, public networks. | Protect cardholder data.
5. Use and regularly update anti-virus software. | 5. Protect all systems and networks from malicious software. | Maintain a vulnerability management program.
6. Develop and maintain secure systems and applications. | 6. Develop and maintain secure systems and software. | Maintain a vulnerability management program.
7. Restrict access to cardholder data by business need-to-know. | 7. Restrict access to system components and cardholder data by need to know. | Implement strong access control measures.
8. Assign a unique ID to each person with computer access. | 8. Identify users and authenticate access to system components. | Implement strong access control measures.
9. Restrict physical access to cardholder data. | 9. Restrict physical access to cardholder data. | Implement strong access control measures.
10. Track and monitor all access to network resources and cardholder data. | 10. Log and monitor all access to system components and cardholder data. | Regularly monitor and test networks.
11. Regularly test security systems and processes. | 11. Test the security of systems and networks regularly. | Regularly monitor and test networks.
12. Maintain a policy that addresses information security for all personnel. | 12. Support information security with organizational policies and programs. | Maintain an information security policy.

What to expect when you’re expecting the PCI DSS v4.0—a transition timeline 

Once the PCI DSS v4.0 is launched, the previous v3.2.1 will stick around for two years. From March 2022 to March 2024, businesses should acquaint themselves with the new version.  

These two years will be ample time for them to get familiar with the changes and fulfill the new requirements. 

The PCI DSS v3.2.1 will officially retire on March 31, 2024, and the PCI DSS v4.0 will be the only available active version. The 2-year transitioning period should be sufficient for organizations to make the switch from v3.2.1. 

Other changes for Acumen Connections merchants

Traditionally, the PCI compliance fee has been a single annual recurring fee. Starting in 2023, payment processor Acumen Connections will split the annual fee into smaller quarterly amounts. This change will allow Acumen Connections merchants to pay the PCI renewal fee in smaller, more manageable installments, which is more convenient for businesses.

An additional goal of this change is to encourage merchants to keep PCI compliance and security in mind more often. Instead of thinking about PCI compliance once a year when the bill is due, we encourage merchants to reflect on security precautions throughout the year. One study found that in 2020, only 43.4% of organizations maintained full compliance later in the year.

Technology is always changing. Scammers and hackers are adapting. They’re not waiting around all year to try to hack your system. It’s important to keep your security top of mind throughout the year to guard your customers’ data.  

And it’s a wrap!

Running a business is no child’s play. Along with meeting your quality and sales goals, you must ensure you’re meeting security and PCI compliance requirements. It is a bad idea to neglect compliance as it will only lead to bigger problems that could jeopardize your entire business. 

We don’t believe in fearmongering, but failing to meet PCI compliance requirements can not only result in fines but can also expose your business to data fraud and the legal implications that follow. Not to mention the severe damage to your reputation. You don’t want to be in this pickle.

The bottom line is that security and compliance matter. That’s why it is vital that you arm your business with PCI DSS v4.0 compliance at the earliest opportunity and keep bringing in that sweet dough!

If you found this article helpful, you should consider switching to Acumen Connections as your payment processor. We help small businesses across the nation process payments, and we do so in a way that saves businesses money. We spend time helping businesses understand their fees and more. Plus, our customers stay updated with weekly business tips and industry trends (such as this one).

Best of all, there’s no contract – so you can cancel any time (but you won’t want to). Contact us for more details. 

Acumen Connections


We’re connecting you to key resources to grow your brand! As a company, we approach complicated topics head-on. Sometimes this means we have several expert teammates working together to prepare a highly informative resource for you. In cases like these, we prefer to attribute the article to the Acumen Connections team. Whether your goals include entrepreneurial ventures, enhanced marketing prowess, or triumphing over imposter syndrome, rest assured, our articles have expert-backed insight.
