News

New PCI-DSS standards will be coming soon

We can expect a new PCI-DSS standards version 4.0 will be released by end of this year or mid-2021. For those are not familiar with PCI-DSS standards, i will explain so that everyone can on the same level.

Payment Card Industry Data Security Standard(PCI-DSS) is an standards in information security areas been written to protect an attack that related to credit card fraud and numerous additional security threats and vulnerabilities.

Below are the listing on the version with release date for your reference.

Release VersionRelease Date
1.0December 15, 2004
1.1September 2006
1.2October 2008
1.2.1July 2009
2.0October 2010
3.0November 2013
3.1April 2015
3.2April 2016

For several years now, a group of hackers have been targeting the financial services industry especially bank sectors. Over 271,000 reports of credit card fraud have been issued within the United States last year alone.

A lot of customers/ consumers will normally prefer using online payments and debit/credit cards transactions rather than paying with cash and it will cause an attack related to card fraud case will be increased in the coming years.

The main purpose of PCI-DSS should be used in the organizations/system is to protect the consumers’ cardholder data been exploited by the hacker. What we can expected from PCI-DSS 4.0 is been listed as follows:

  • The standards will need to continues to follow-up with the latest vulnerabilities trends and also need to meet the security needs of the payments industry
  • To achieve security in the system and organization, an additional methodology supports and also flexibility need to improve
  • The continuous process will be needed in order to promote security in organizations.
  • To improve and enhance anything that required validation methods and procedures.

PCI-DSS 4.0 still need some tweak on the documentation by the industry consultation around the world before it can be released as final documents, the areas that organization need to aware would be something such as:

  1. Authentication where an organisation will need some specific consideration regarding NIST MFA or password guidance
  2. Encryption process and layer on cardholder data on trusted networks will need to improve in terms of broader the applicability
  3. Technology advancement will need to be considered within monitoring requirements

Source: Is your organization prepared for PCI DSS 4.0?