LRQA Nettitude Blog

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) was released at the end of March 2022. At the time of writing, we now have less than one year until the previous version, 3.2.1, is retired and can no longer be used for new assessments.

If you've ever taken a credit card as payment for anything, then you've probably heard of the Payment Card Industry Data Security Standard (PCI DSS). This defines a set of requirements for merchants and service providers to protect their customers' payment card data. The importance of PCI DSS lies in the fact that it helps to protect sensitive data which could have huge ramifications should it fall into the wrong hands. This includes information such as credit card numbers, names, addresses, and other personally identifiable information.

Statistics show that in 2021, online retail sales amounted to a staggering 4.9 trillion dollars, with purchases made by over two billion customers.

Experts anticipate that this trend will continue as more people select the ease of internet shopping. Unfortunately, it has also encouraged cyber criminals to target this area.

These two factors have prompted retailers and security experts to focus on improving online retail cybersecurity measures. 

The wait is finally over and PCI DSS v4.0 is released today, 31st March 2022. Whatever the size of your organisation, volume of payments or size of in-scope network, there will be an impact to you of some kind, but for today it's business as usual.

In this post, we discuss six areas in PCI DSS v4.0, which we think you should be aware of today, with much more detail to come.

For now, we will take it easy and focus on the key themes and changes: