Overview
PCI DSS v4.0 is the latest version of the Payment Card Industry Data Security Standard, a set of security standards designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The standard is managed by the PCI Security Standards Council (PCI SSC).
Key Requirements
- Build and Maintain a Secure Network: Install and maintain a firewall configuration to protect cardholder data
- Protect Cardholder Data: Protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program: Use and regularly update anti-virus software, and develop and maintain secure systems and applications
- Implement Strong Access Control Measures: Restrict access to cardholder data on a need-to-know basis, and assign a unique ID to each person with computer access
- Regularly Monitor and Test Networks: Track and monitor all access to network resources and cardholder data, and regularly test security systems and processes
- Maintain an Information Security Policy: Maintain a policy that addresses information security
Compliance Levels
- Level 1: Merchants processing over 6 million transactions per year
- Level 2: Merchants processing 1 to 6 million transactions per year
- Level 3: Merchants processing 20,000 to 1 million transactions per year
- Level 4: Merchants processing fewer than 20,000 transactions per year
Key Changes in v4.0
- Enhanced authentication requirements
- New e-commerce and phishing requirements
- Updated password requirements
- New requirements for targeted risk analysis
- Enhanced requirements for service providers