PCI DSS 4.0 and You

Author Tim Erlin (VP of Strategy, Tripwire) addresses PCI Data Security Standard 3.2.1 changing to 4.0 in his blog article “Act Now: Leveraging PCI Compliance to Improve Security”. But what does it mean for PCI DSS 4.0 to go to 3.2.1? Will it have an impact on your business or organization? What does any of this stuff mean? Please continue and we will help you to understand the impact for your small business or organization.

PCI DSS 4.0

PCI is a compliance standard for vendors that accept payment cards. While a simple view of this compliance standard relates to a lower credit card fee from card companies, a larger view is that compliance offers a higher degree of IT security for businesses that handle sensitive financial information. The Payment Card Industry—along with many vendors—realized it was in everyone’s interests to avoid costs associated with financial crime via IT theft or fraud. (We examined several compliance standards in more detail, including PCI DSS, in this blog article.)

PCI DSS 4.0 is essentially shorthand for Payment Card Industry Data Security Standard 4.0. The current standard, 3.2.1, has been in effect since 2018. However, in March 2022, the Payment Card Industry announced the 4.0 standard including, as defined by Wikipedia, “[u]pdated firewall terminology, expansion of Requirement 8 to implement multi-factor authentication (MFA), increased flexibility to demonstrate security, and targeted risk analyses to establish how they operate and manage risk exposure.”

The official retirement of PCI DSS 3.2.1 will occur on March 31, 2024. (You can check out more details regarding PCI DSS 4.0 from the PCI Security Standards Council’s resource page.) So why discuss it now? Preparing for changes like this early not only allows for proper budgeting but increases IT security, even if only incrementally, along the way.

Great! More IT Cost! (Yes, that was sarcastic.)

Increased IT security may indeed come with increased cost. But Erlin’s article describes “compliance as a tool, not a burden”. Indeed, we would urge small business owners and decision makers to consider changes from this (optimistic) angle as well. The idea isn’t to make changes because they are more expensive or inconvenient; rather, the idea is to work together to decrease data risk and lower overall cost—especially those costs sunk into recovering funds or accounting for stolen funds that never get recovered—by making financial information more difficult to steal from the get-go.

Some of the changes include more stringent permissions with regards to roles, higher level multifactor authentication requirements, increased password complexity requirements, and increased guidance/training with regard to IT/cybersecurity.

Where To Start?

An experienced IT team can offer insights to budgeting and project processes during the transition to PCI DSS 4.0. If you need a hand, GIVE US A CALL or CONTACT US! Our team of experts is ready to help you step into a better IT security posture that’s more in line with PCI DSS 4.0!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

PCI DSS 4.0

Great! More IT Cost! (Yes, that was sarcastic.)

Where To Start?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666