PCI DSS Version 4.0: What are the key changes in v4.0?

The changes in v4.0 are designed to meet a series of principles, in the same way that the control requirements are based on a set of principles. They are:

  • Promoting security as a continuous process
  • Increasing flexibility
  • Enhancing validation methods and procedures
  • Continuing to meet the security needs of the payment industry

At a more granular level, the changes in v4.0 include:

  • Authentication – The requirement for multi-factor authentication will be expanded, and password requirements will be updated.
  • Education and awareness – The introduction of requirements for e-commerce and phishing training.
  • Governance – Rather than an overall expectation of roles and responsibilities, these will be expanded to ensure that they are clearly defined for each requirement within the PCI DSS.
  • Account management – The allowance of group, shared and generic accounts.
  • Risk management – The use of targeted risk analysis to empower an organisation to establish frequencies for certain activities.

This is not a comprehensive list, just an overview of some of the significant changes. As a Qualified Security Assessor (QSA) company, Xcina Consulting can assist your organisation with preparing for the changes in the standard.
