PCI-DSS 4.0: What you need to know (and how we prioritized updates)


To help protect cardholder data, any organization (public or private) that stores, processes or transmits debit and credit card data has to adhere to the Payment Card Industry Data Security Standard (PCI DSS) and maintain compliance. On March 31, 2024, the previous version (3.2.1) is retired and PCI DSS version 4.0 becomes the only active standard, bringing 64 new requirements. Thirteen of those apply as soon as an organization is assessed against 4.0; the remaining 51 are "future-dated" and count as best practice until March 31, 2025, when they become mandatory.

What’s PCI-DSS? 

In 2004, the major payment card brands collectively created a set of security standards focused on securing credit and debit card transactions against data theft and fraud. Any organization that handles credit and debit card payments is required to comply with the PCI DSS requirements, and compliance is a signal to consumers that your organization is diligent about protecting sensitive data and personal information.

2024 Update overview

The PCI DSS 4.0 update addresses technologies and threats that have emerged since the previous major revision. Among the changes most likely to affect day-to-day operations: targeted risk analyses that an organization must perform and document to justify how often certain controls run; multi-factor authentication for all access into the cardholder data environment, not just remote or administrative access; and stronger password rules, including a minimum length of 12 characters (or 8 where the system cannot support 12).

Along with meeting the new needs of the payment industry, the updates aim to:

  • Give organizations more flexibility in how they meet each requirement: the new "customized approach" lets an organization satisfy a requirement's stated security objective with controls of its own design, provided it documents and tests them and the assessor validates them
  • Position security as a continuous process, not a one-time to-do list
  • Enhance validation procedures, with clearer reporting of what was tested and how

What do the PCI DSS 4.0 requirement updates mean for PayIt?  

PayIt has completed our implementation of the PCI DSS 4.0 requirements, putting in place a set of enhancements that strengthen our security posture and reflect our commitment to safeguarding transactions.

Here's how we've implemented the most significant changes introduced by PCI DSS 4.0:

Proactive threat response

Our security systems have been updated to keep pace with evolving threats, taking a dynamic approach that responds in real time to changes in the payment security landscape.

Multi-factor authentication and password management

We have strengthened our authentication systems to meet the more stringent multi-factor authentication requirements of PCI DSS 4.0, which extend MFA to all access into the cardholder data environment rather than only remote and administrative access. Our password policies have also been revised to meet the standard's stricter rules on length, complexity and handling of credentials.

Web application firewall

PCI DSS 4.0 tightens the protection expected for public-facing web applications: where earlier versions allowed a choice between periodic application vulnerability assessments and an automated protective solution, 4.0 requires an automated technical solution, such as a web application firewall, that continuously detects and prevents web-based attacks. To meet this, we've deployed a new Web Application Firewall (WAF) that is more robust and configurable than the one we had before. This protective layer blocks malicious requests before they reach our applications and helps keep our users' data secure.

Risk analysis

Risk analyses continue to be a staple of our security program, and they underpin the customized approach 4.0 allows, letting us tailor controls to our own environment. PCI DSS 4.0 also introduces "targeted risk analyses," documented assessments used to decide and justify how frequently specific controls (such as certain reviews and scans) are performed; we have extended our analyses accordingly so that risks are assessed on an ongoing basis rather than once a year.

Next steps in security and compliance 

We've already implemented the updates that come with PCI DSS 4.0, and the next step for PayIt is to undergo an external assessment against the 4.0 requirements described above and obtain an Attestation of Compliance (AOC), the document an assessed entity can share with customers and partners as formal evidence of its compliance status.

We are proud of our security measures and remain committed to improving them continuously to protect our clients and their residents.
