Companies accepting credit card payments online have a new set of standards to abide by as of today.
The Payment Card Industry Security Standards Council has issued version 4.0 of its PCI Data Security Standard (PCI DSS), a standard defining security measures to protect payment card information.
RELATED RESOURCE
Multi-factor authentication deployment guide
A complete guide to selecting and deploying your MFA authentication guide
Anyone holding this data, such as online retailers or service providers, must comply with the standard.
The new version of PCI DSS features several changes. It expands its access control requirements to make multi-factor authentication (MFA) mandatory for all access into the cardholder data environment, and also updates password requirements.
Companies following the standard will also have to implement new protections against phishing attacks.
The latest document also introduces more flexibility for organizations to demonstrate their compliance. Whereas the previous version focused on firewall protection, version 4.0 has broadened its terminology to address other network security controls.
The Council has also added support for targeted risk analyses. These let companies define how frequently they perform some security-related activities, it said.
The PCI will translate the new version of PCI DSS into different languages over the next few months. Assessors - the companies that verify compliance with the standard - also have to train in the new version.
The current version, 3.2.1, will remain active until 31 March 2024, the Council said. After that, version 4.0 will be the only active version of the standard. Some requirements in the new version are defined as best practices, but will become mandatory. Organizations will have an extra year - until March 31 2025 - to phase those in.
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
HPE eyes enterprise data sovereignty gains with Aruba Networking Central expansionNews HPE has announced a sweeping expansion of its Aruba Networking Central platform, offering users a raft of new features focused on driving security and data sovereignty.
-
Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performanceWhitepaper Deploy servers with a secure approach
-
Fortify your future with HPE ProLiant Servers powered by IntelWhitepaper Enhance your security and manage your servers more effectively
-
Architecting enterprise networks for the next decadeWhitepaper A new paradigm in network architecture
-
Why network monitoring tools fail within secure environmentsWhitepaper Gain visibility into devices, networks, and applications
-
Better together: HPE Aruba Networking CX switches and HPE Aruba Networking CentralWhitepaper Explore the power and simplicity of managing HPE Aruba Networking CX Switches with HPE Aruba Networking Central
-
Cyber-resilient infrastructure starts with server securitywhitepaper Take a security-focused approach when investing in the next wave of IT infrastructure.
-
Driving digital innovation with intelligent infrastructurewhitepaper Strong infrastructure investment is driving digital in all industries
