
Changes Are Coming to PCI DSS

Updated: Jun 22, 2022

The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is coming soon!


An updated version of the Payment Card Industry Data Security Standard (PCI DSS) is scheduled to be published in 2022. According to the PCI website, version 4.0 of the standard will be released at the end of March 2022. Organisations adhering to the currently published version of the standard (v3.2.1) will have a transition period of two years to become compliant with the updated version. On 31 March 2024, the current version will be retired, and all organisations must be compliant with version 4.0 (see the timeline below).

PCI DSS version 4.0 implementation timeline

What’s New in Version 4.0?


Version 4.0 of the PCI DSS includes new clauses which will be future-dated and identified as “best practices” rather than requirements when v4.0 is published. Organisations will have an additional year beyond the transition period (until 31 March 2025) before these new practices become requirements. PCI has not provided insight into what changes are being made to the standard or details about what the new clauses contain except as part of their limited Stakeholder Preview process accessible only to preapproved organisations under non-disclosure agreements. However, there are no major changes anticipated to the twelve core PCI DSS requirements.


We are continuing to monitor for updates about the new version and will provide updates as information becomes available. At the very least, we know changes will not take effect immediately and organisations will have a transition period to reach conformity with PCI DSS v4.0.


Interested in ensuring your organisation is PCI DSS compliant? Whether you're just beginning your PCI DSS journey or simply need a check-up, Allendevaux & Company can help! Reach out to our team of security and compliance experts at dpaas@allendevaux.com or via our Contact form.

 

This post was written by David Sutherin

ISCI Certified ISO 27001 Lead Implementer, CREST CPSA, CompTIA Security+

Cybersecurity Practice Manager
