Last year the PCI Security Standards Council announced that a new version – version 4.0 – of the Payment Card Industry Data Security Standards (PCI DSS) would be launched in late 2020. With this now on the horizon, we look at what is likely to change and how this will affect your business.
What is PCI DSS?
PCI DSS is a set of guidelines established by the major card providers – Visa, MasterCard, American Express, Discover and JCB – relating to the security and storage environment used when processing, storing or transmitting debit or credit card information. The guidelines apply to all businesses that take card payments, regardless of their size or industry, and failure to adhere can lead to large fines being administered should a data breach occur.
Why is PCI DSS changing?
Since PCI DSS was launched in 2006, the card payment landscape has changed dramatically – contactless payments were yet to be developed and global internet speeds and cloud-based technologies were limited. Since the last major update in 2016, the world of card payment processing has shifted again with advancing technologies introducing new ways for consumers to pay, such as contactless payments via smartphone and the launch of Open Banking opening the door to third party applications becoming increasingly involved in business processes.
Sadly, alongside these advancements come newly created threats to security, with cyber criminals improving their capabilities and exploiting weaknesses in interfacing systems to access personal and payment data.
What changes are likely to be included in PCI DSS v4.0?
While the 12 core principles of PCI DSS are expected to remain the same, according to the PCI Security Standards Council, PCI DSS version 4.0 will aim to reach the following high-level goals:
- To ensure the standard continues to meet the security needs of the payments industry and the businesses that use it.
- To add flexibility and support that will enable the standard to be applied across the variety of payment methods now available.
- To promote and encourage businesses to see security and PCI DSS compliance as an ongoing process rather than a one-off tick box exercise.
- To enhance validation methods and procedures – enforcing encryption and authentication processes for card payments.
A draft of version 4.0 is currently under review by PCI SSC stakeholders and a request for comments process is underway, from which amendments may be made in advance of its launch later in 2020.
What does this mean for my business?
The PCI SSC have stated that they intend for the security baselines to be realistically achievable and easily understood by all businesses globally. However, many businesses see the process of achieving compliance as a daunting challenge and one which requires time and resources. Despite what you might think, the ultimate purpose of PCI DSS isn’t to cause you a headache – the standard is in place to protect not only the customer but also the business from fraudulent card use and cybercrime.
How can we help?
At PCI Telecom, we create and maintain card payment processing solutions that fit the needs of your business, providing a secure environment for your customers to input their card details and make payments over the phone and online. We take on full responsibility for your PCI DSS compliance (also known as ‘descoping’) so that you don’t need to worry about it – therefore, any changes that are made to the standard are dealt with by us. And because all of our solutions are cloud-based, these amendments can be updated remotely without the need for us to make infrastructure changes onsite.
We know that card security means a lot to your customers, as does the ability to make payments swiftly and effectively, so having a variety of secure ways to pay is critical to your business’s success. This year sees the launch of our new PCI Webchat solution, adding to our suite of card payment processing systems that can be applied to suit the requirements of all businesses whatever their shape or size. For more information, take a look at our Solutions page or alternatively, get in touch to talk through your requirements.