Complying With PCI DSS Requirements By 2025
HelpNet Security, Monday, September 2nd, 2024
Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS), which came into effect back in April, incorporates a few important changes to make it fit for the modern digital world, addressing how technologies, the threat landscape and payment processes have changed.
The changes range from a new customized approach, which allows a more flexible and tailored implementation of security controls, through to a new focus on vulnerability management and authentication.
However, some of the requirements will force entities to make substantial changes. Due to their complexity, cost, and potential impact, these requirements have been given an extended implementation timeline. Many require specialized expertise and potentially significant technological investments.
There are 64 requirements in all: 13 are now in effect and mandatory, but the remaining 51 won't come into effect until 1 April 2025. Until then, they are classified as best practice requirements.