PCI DSS 4.0: Secure card payments with the latest security standard

21. June, 2023

PCI DSS stands for “Payment Card Industry Data Security Standard” and was developed to ensure the protection of credit card data and the security of transactions. The aim is that all companies involved that process, store or transmit credit card transactions take appropriate security measures to protect sensitive data. [1]

The PCI DSS standard consists of mandatory technical and organisational requirements, including network security, data protection, vulnerability management and access monitoring and logging. It affects retailers, e-commerce websites, payment service providers, banks, hotels, restaurants, and other organisations that accept credit card payments. Both large companies and small merchants must comply with PCI DSS, regardless of the number of transactions they process. Compliance with the PCI standard is monitored through regular security audits and reviews.

What changes with PCI DSS version 4.0?

The updated version 4.0 was published in March 2023. The transition period to this new version ends in April 2024, after which the current version 3.2.1 is no longer valid. By April 2025 at the latest, all companies must be fully compliant with version 4. [2]

In the updated version 4, IT security is no longer treated as a largely static, one-off exercise but is required to be a continuous, adaptable process. Depending on the company, this can have a significant impact if resource-intensive processes, documentation and protocols must now be carried out on a more regular and traceable basis. [3] The required active, company-specific security strategy must also be supplemented with tailored risk assessments and corresponding countermeasures.

Required security measures for PCI DSS 4.0

Apart from the essential strategic reorientation of the security topic, version 4 also contains extensions of individual measures. [4] Some of these are hopefully already largely addressed and implemented in many companies:

  • Detection and protection against phishing attacks
  • Regular review of all user accounts and access permissions
  • Two-factor authentication and updated password requirements
  • Automated review of security-related logs and log data
  • Active vulnerability management (scanning for vulnerable services)
  • Better monitoring of communications for malware and attacker anomalies via next-generation firewall (NGFW) and IPS technologies

The enhanced PCI DSS standard is designed to better secure credit card data and transactions, protect end users from identity theft and fraud, and minimise potential liability risks in the event of data breaches.

The update of the standard requires companies to deal with IT security more comprehensively than before and will therefore involve increased effort. In the event of non-compliance, companies face penalties, fines, the loss of payment processing services and the loss of customer trust.


Sources:
[1] https://www.onlinesicherheit.gv.at/Themen/Experteninformation/Normen-und-Standards/PCI-DSS.html
[2] https://docs-prv.pcisecuritystandards.org/PCI%20DSS/General%20Guidance/PCI-DSS-v4-0-At-a-Glance-r1-DE.pdf?lang=de
[3] https://listings.pcisecuritystandards.org/documents/PCI-DSS-v3-2-1-to-v4-0-Summary-of-Changes-r1.pdf
[4] https://www.csoonline.com/article/3678989/pci-dss-4-0-is-coming-how-to-prepare-for-the-looming-changes-to-credit-card-payment-rules.html