PCI Data Security Standard 4.0 Going Into Effect

Payment data security standards updated.

In March 2022, the PCI Security Standards Council (PCI SSC), a global payment security forum, published version 4.0 of the PCI Data Security Standard (PCI DSS). As of April 1, 2024, it will become the only active version of the standard, as PCI DSS v3.2.1 will be retired on March 31, 2024.

If an organization has a PCI DSS v3.2.1 assessment in place, it will not expire on March 31, 2024. The period for which a PCI DSS v3.2.1 assessment result is valid does not change when v3.2.1 is retired. How long an assessment result is valid and how frequently an entity must be reassessed are determined by the organizations that manage compliance programs (for example, payment brands and acquirers). Entities should always contact their acquirer or the payment brands directly for information about their compliance programs and reporting requirements.

PCI DSS is a global standard that provides technical and operational requirements designed to protect account data throughout the payment lifecycle. It includes standards for merchants, payment service providers and financial institutions regarding security practices, technologies, and processes as well as standards for developers and vendors for creating secure payment products and solutions. An entity achieves PCI compliance by consistently adhering to these standards.

PCI DSS standards have been updated to address emerging threats and technologies and enable innovative methods to combat new threats. Organizations will have until March 31, 2025 to phase in new requirements that are initially identified as best practices in v4.0. After March 31, 2025, these new requirements are effective and must be fully considered as part of a PCI DSS assessment.

For more information about PCI DSS 4.0 standards and tips on how to prepare your organization for the move to PCI DSS 4.0, see this guidance from the PCI Security Standards Council.

If your business is looking to better manage your merchant account or reduce fees, we’re here to help. We fix and monitor your existing merchant account, and we bring that money back to you. No need to change processors or add a project to your team’s already hectic workload. Schedule a consultation today.

Verisave is a third-party cost-reduction firm specializing in merchant accounts and credit card processing fees.

Verisave is not a payment processor, and is not affiliated with any processors, card brands, or banks.

Verisave has more than 20 years of experience optimizing and monitoring the credit card processing industry.
