According to the Verizon Payment Security Report 2020, only 27.9 percent of surveyed companies were in full compliance with the PCI DSS in 2019. Now that PCI DSS 4.0 has been released, it is more important than ever to maintain compliance – especially with the significant changes made to the regulation.  

PCI DSS 4.0 has had the most significant updates since its release 18 years ago. Most the changes include mandating authenticated vulnerability scans, enforcing multi-factor authentication for all access to card data environments, and more frequent scope validation for some sectors. Organizations have until March 31, 2024, to comply, but with so many changes, there is no time like the present to begin your journey to compliance.  

Here are a few of the biggest changes in PCI DSS 4.0:  

  • Greater emphasis on security – The new standard promotes flexible data practices integrated within an organization’s wider security posture. Emerging technologies do not always fit a rigid, prescriptive control framework.  
  • Password and user authentication – These policies must reflect the best password management practices and mandate multi-factor authentication for all access to the CDE.  
  • Scope validation and data discovery – This requires service providers to revalidate their scope every six months, identifying all locations of cardholder data and designating entities to perform quarterly data discovery exercises.  
  • Enhanced monitoring – Organizations must automate log reviews using log analyzers and SIEM solutions, which improves vulnerability scan results with authenticated scans and ensures service providers support customer penetration testing.  

It is never too early to partner with a cybersecurity expert like 2W Tech to help you comply with PCI DSS. Call us today so we can help you meet your compliance obligations through our Cybersecurity Compliance Program.  

Read More:

Power BI Can Truly Now Be Anywhere

Back to IT News