www.pcisecuritystandards.org Open in urlscan Pro
54.225.255.199  Public Scan

Form analysis
1 forms found in the DOM

GET /search

<form action="/search" method="get"><input class="search-input" type="text" name="cludoquery" id="" placeholder=""><input class="search-submit" type="button" name="" id="search_submit_button" value="Submit"></form>

Text Content

 * Contact
 * Change Your Language
   * English
   * Français
   * Español
   * 日本語
   * Deutsch
   * Italiano
   * Português
   * 中文
   * Русский
   * Türkçe


Toggle Menu
 * Get Started
   
   
   GET STARTED
   
   
   COVID-19 Resources
   
   
   
   PCI SECURITY ESSENTIALS
   
    * Overview
    * Why Security Matters
    * How to Secure
    * Maintaining Payment Security
    * Completing Self Assessment
    * Standards Overview
    * Glossary
   
   
   MERCHANT RESOURCES
   
    * Getting Started with PCI
    * Data Security Essentials Evaluation Tool
    * PCI Perspectives Blog
    * Self-Assessment Questionnaires (SAQ)

 * Assessors & Solutions
   
   
   ASSESSORS & SOLUTIONS
   
   
   Assessor Overview
   Verify a Professional
   COVID-19 Resources
   
   
   
   ASSESSORS
   
    * 3DS Assessors
    * Approved Scanning Vendors
    * Card Production Security Assessors
    * Internal Security Assessors
    * Payment Application Assessors
    * Point-to-Point Encryption Assessors
    * Qualified PIN Assessors
    * Qualified Security Assessors
    * Software Security Framework Assessors
   
   
   PRODUCTS AND SOLUTIONS
   
    * 3DS Software Development Kits
    * Approved PTS Devices
    * Validated Payment Software
    * Secure SLC-Qualified Software Vendors
    * Payment Applications (PA-DSS)
    * Point to Point Encryption Solutions
    * Software-based PIN Entry on COTS (SPoC) Solutions
    * Contactless Payments on COTS (CPoC) Solutions
   
   
   ADDITIONAL RESOURCES
   
    * PCI Forensic Investigators
    * PCI Professionals
    * Qualified Integrators and Resellers
    * PCI Recognized Laboratories
    * Give Feedback

 * Document Library
 * Training & Qualification
   
   
   TRAINING & QUALIFICATION
   
   
   COVID-19 Resources
   
    * Overview
    * 3DS Assessor
    * Approved Scanning Vendor
    * Associate QSA
    * Card Production Security Assessor
    * Internal Security Assessor
    * Payment Application QSA
    * PCI Acquirer Training
    * PCI Awareness Training
    * PCI Forensic Investigator
    * PCI Professional
   
    * P2PE Assessors
    * Qualified Integrator and Reseller
    * Qualified PIN Assessors
    * Qualified Security Assessor
    * Secure SLC Assessor
    * Secure Software Assessor
    * Working From Home: Security Awareness
    * Meet Our Trainers
    * Training FAQ
   
    * Program Fees
    * eLearning Training Schedule
    * Corporate Group Training
    * Informational Training
    * Credly Digital Badging

 * About Us
   
   
   ABOUT US
   
   
   COVID-19 Resources
   
    * Overview
    * Leadership
    * Jobs at PCI
    * Contact Us
   
    * Antitrust Policy
    * Privacy Policy
    * IPR Policy

 * Get Involved
   
   
   GET INVOLVED
   
   
   COVID-19 Resources
   
    * Overview
    * Affiliate Members
    * Board of Advisors
    * Global Executive Assessor Roundtable
    * Participating Organizations
    * Regional Engagement Board
    * Special Interest Groups
    * Strategic Members
    * Strategic Regional Members
   
    * Community Events
    * Past Events
    * Event Photo Gallery
   
    * Request for Comments

 * Newsroom
   
   
   NEWSROOM
   
   
   COVID-19 Resources
   
    * Newsroom Home Page
    * Blog
    * Announcements
    * In the News
    * Events

 * FAQs

Return to Newsroom



PRESS RELEASE

Securing the Future of Payments: PCI SSC Publishes PCI Data Security Standard
v4.0


GLOBAL INDUSTRY FEEDBACK HELPS SHAPE STANDARD TO SECURE GLOBAL PAYMENT DATA

WAKEFIELD, Mass., 31 March 2022 — Today, the PCI Security Standards Council (PCI
SSC), a global payment security forum, published version 4.0 of the PCI Data
Security Standard (PCI DSS). PCI DSS is a global standard that provides a
baseline of technical and operational requirements designed to protect account
data. PCI DSS v4.0 replaces version 3.2.1 to address emerging threats and
technologies and enable innovative methods to combat new threats. The updated
standard and Summary of Changes document are available now on the PCI SSC
website.

To provide organizations time to understand the changes in version 4.0 and
implement any updates needed, the current version of PCI DSS, v3.2.1, will
remain active for two years until it is retired on 31 March 2024. Once assessors
have completed training in PCI DSS v4.0, organizations may assess to either PCI
DSS v4.0 or PCI DSS v3.2.1. The standard also provides additional time for
organizations to implement many of the new requirements. More information on the
implementation timeline can be found on the PCI Perspectives Blog.

Feedback from the global payments industry drove changes to the standard. Over
the course of three years, more than 200 organizations provided over 6,000 items
of feedback to ensure the standard continues to meet the complex, ever-changing
landscape of payment security.

“The industry has had unprecedented visibility into, and impact on the
development of PCI DSS v4.0,” says Lance Johnson, Executive Director of PCI SSC.
“Our stakeholders provided substantial, insightful, and diverse input that
helped the Council effectively advance the development of this version of the
PCI Data Security Standard.”

Updates to the standard focus on meeting the evolving security needs of the
payments industry, promoting security as a continuous process, increasing
flexibility for organizations using different methods to achieve security
objectives, and enhancing validation methods and procedures. Details about the
updates can be found in the PCI DSS v4.0 Summary of Changes document on the PCI
SSC website.

Examples of the changes in PCI DSS v4.0 include:

 * Updated firewall terminology to network security controls to support a
   broader range of technologies used to meet the security objectives
   traditionally met by firewalls.
 * Expansion of Requirement 8 to implement multi-factor authentication (MFA) for
   all access into the cardholder data environment.
 * Increased flexibility for organizations to demonstrate how they are using
   different methods to achieve security objectives.
 * Addition of targeted risk analyses to allow entities the flexibility to
   define how frequently they perform certain activities, as best suited for
   their business needs and risk exposure.

 WATCH: “First Look at PCI DSS v4.0” a video featuring Council representatives
discussing key changes to the standard.



“PCI DSS v4.0 is more responsive to the dynamic nature of payments and the
threat environment,” says Emma Sutcliffe, SVP, Standards Officer of PCI SSC.
“Version 4.0 continues to reinforce core security principles while providing
more flexibility to better enable diverse technology implementations. These
updates are supported by additional guidance to help organizations secure
account data now and into the future.”

LISTEN: Coffee with The Council: A Preview of the PCI DSS v4.0 and Transition
Training a podcast featuring Council representatives discussing what to expect
with PCI DSS v4.0 and assessor training information.

In addition to the updated standard, supporting documents published in the PCI
SSC Document Library include the Summary of Changes from PCI DSS v3.2.1 to v4.0,
the v4.0 Report on Compliance (ROC) Template, ROC Attestations of Compliance
(AOC), and ROC Frequently Asked Questions. Self-Assessment Questionnaires (SAQs)
will be published in the coming weeks.

To support global adoption of PCI DSS, the standard and Summary of Changes will
be translated into several languages. These translations will be published over
the next few months, between March and June 2022.

The Council will provide additional information throughout the year to help the
community understand the changes made to the standard. This includes the PCI DSS
Symposium, an online education event available 21 June 2022 for PCI SSC
community members. Training for assessors will be available in June. For a
schedule of assessor training sessions consult the PCI SSC training resource
page.

VIEW: “PCI DSS v4.0 At a Glance” an overview document on the changes to PCI DSS
v4.0.

Subscribe to the PCI Perspectives Blog for additional resources including
podcasts, videos, and blog posts designed to help organizations navigate the
transition to PCI DSS v4.0.

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry
effort to increase payment security by providing industry-driven, flexible, and
effective data security standards and programs that help businesses detect,
mitigate, and prevent cyberattacks and breaches. Connect with the PCI SSC on
LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI
Perspectives Blog.

###




ABOUT US

 * Leadership
 * News
 * Jobs
 * Blog


TRAINING

 * Webinars
 * Qualification
 * Documents


GETTING STARTED

 * Participating Organizations
 * Affiliate Members
 * Awareness


CONTACT & INFO

 * About Us
 * Careers
 * Contact Us


MEDIA

 * News Room
 * Press Contacts
 * Events
 * 

Copyright © 2006 - 2022 PCI Security Standards Council, LLC. All rights
reserved. Terms and Conditions. Sitemap   •   Association Management services
provided by Virtual, Inc.   •   Antitrust Policy   •   Privacy Policy  •   IPR
Policy




English   •   Français   •   Español   •   日本語   •   Deutsch   •   Italiano   •
  Português   •   中文   •   Русский   •   Türkçe

Loading....

Our website uses both essential and non-essential cookies (further described in
our Privacy Policy) to analyze use of our products and services. By clicking
“ACCEPT” below, you are agreeing to our use of non-essential cookies to provide
third parties with information about your usage and activities. If you click
“DECLINE” below, we will continue to use essential cookies for the operation of
the website.

AcceptDecline