Dara Security

Planning for PCI DSS 4.0

September 04, 2019

The development process has begun for PCI DSS 4.0, the latest revision of the PCI standard aimed at supporting businesses in their efforts to safeguard payment card data.

PCI DSS 4.0 is planned for a late 2020 release and will be the result of industry input gathered during the 2017 Request for Comments (RFC) period as well as future RFC periods that will be posted on the PCI SSC website.

According to initial industry feedback, the PCI SSC will be reviewing the specific areas of:

1. Authentication, especially regarding the NIST MFA/password guidance

2. Broader applicability for encrypting cardholder data on trusted networks

3. Monitoring requirements to consider technology advancement

4. Greater frequency of testing critical controls

In PCI DSS 4.0, the twelve core PCI DSS requirements will most likely remain unchanged since these are considered to be the backbone of payment card data security. However, the updated standard will see revisions aligned with the ever-changing threat landscape as well as risk mitigation techniques. The goals for PCI DSS 4.0 include:

1. Ensure the standard continues to meet the security needs of the payments industry

2. Add flexibility and support of additional methodologies to achieve security

3. Promote security as a continuous process

4. Enhance validation methods and procedures