Preparing for PCI DSS 4.0: Five Steps to Get Financial Institutions Ready
Comforte, Friday, February 16th, 2024
For nearly two decades, the PCI Security Standards Council (PCI SSC), the payments industry's security standards body, has required compliance with an ever-growing set of rigorous technical and operational requirements to protect cardholder data. PCI DSS 4.0 is the biggest update to the Payment Card Industry Data Security Standard since the standard was first published in 2004.
It applies to any organization that accepts, processes, stores or transmits payment card data, which covers most financial institutions. Note that the deadline is really two dates: PCI DSS v3.2.1 is retired on 31 March 2024, after which v4.0 is the only active version, while the future-dated requirements introduced in v4.0 remain "best practice" until 31 March 2025 and become mandatory from 1 April 2025. With so much on their to-do lists, what should financial services firms prioritize to accelerate compliance before that 1 April 2025 deadline?
What's new in PCI DSS 4.0?
PCI DSS 4.0 was designed to move with the times, which is no easy feat in a world where threat actor innovation is moving as fast as enterprise digital transformation. That is why it introduces a series of new requirements intended to ensure that banks which comply are as secure as they can be. The banking industry is a prime target for data breaches, given the huge quantity of card details and personally identifiable information (PII) it stores. According to one recent study, the sector was the most breached in 2023, overtaking healthcare, with over a quarter (27%) of recorded incidents.