Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment method the most, with UK usage growing by 300% year over year.
The Payment Card Industry Data Security Standard (PCI DSS) has been the bedrock of cardholder data protection since its launch in 2006. With the implementation deadline of March 31st, 2024 rapidly approaching, the standard has undergone a significant transformation since its previous version to address the evolving demands and complex nature of modern cyber threats.
The update to the standard is driven by four main objectives:
Introduction of the Customised Approach
The most significant change from PCI DSS 3.2.1 to 4.0 is the introduction of the Customized Approach. This concept allows entities to move beyond the traditional 'Defined Approach', which requires strict adherence to the technical controls as specified in the standard. Instead, with the Customized Approach, entities have the flexibility to select controls that they deem most suitable for their environment to manage associated risks. This offers greater adaptability and the ability to embrace innovative solutions. In PCI DSS v4.0, entities have the choice to use either the Defined Approach or the Customized Approach, depending on their specific needs and circumstances.
Updated and New Requirements
Alongside the Customised Approach, PCI DSS 4.0 has updated existing requirements and introduced new ones to mitigate emerging threats. Key updates include:
The Self-Assessment Questionnaires and the Report on Compliance template have been greatly expanded in level of detail and have doubled in size. Audited organizations are now under a lot more scrutiny to achieve compliance.
The transition period, ending 31 March 2024, provides organizations with the necessary time to transition to the new version while retaining the option to comply with the previous version, v3.2.1. Additionally, 51 of the 64 new requirements are future-dated due to their complexity and/or cost of implementation. Certain requirements will be considered best practices until 31 March 2025, after which they will become mandatory.
Impact on Organisations
For organizations that are already PCI-validated, it is crucial to review the changes in PCI DSS 4.0 and begin planning for the transition. This should involve consulting with a qualified security assessor to understand the implications of the new Customized Approach and other changes.
Summary of Changes
The PCI Security Standards Council has made substantial updates to the standard, reflecting the need to stay current with the evolving threat landscape and technological advancements. These changes affect a broad spectrum of requirements and will have implications for all entities that handle cardholder data.
We've got your back during this transition with:
Established in 2009, Advantio offers a comprehensive portfolio of professional, managed, advisory, and security testing services. Our subject matter expertise and services focus on cybersecurity, data protection, risk, and compliance with a distinct specialization in the ‘Payment Card Industry.’ We believe that for your organization to compete and grow in a rapidly evolving environment, investing in the right partner and technology is crucial to help you focus better on your core business. Our team works tirelessly to help you achieve, maintain, and demonstrate compliance against the most demanding cybersecurity standards and regulatory frameworks on time and on budget. With a strong presence across Europe and global reach on four continents, we have become the partner of choice for many large corporates and international enterprises. Our clients span a diverse range of fintech suppliers and fintech consumers in verticals such as travel, hospitality, telecommunication, financial, healthcare, education, entertainment, government, non-profit and more.