Deadlines, requirements and Updates for PCI DSS V4

 

PCI DSS V4 Important dates

Here are some important dates to remember. we've organized these by SAQ level to help you keep track of just what's important to you. 

You can subscribe to otto-js deadline reminders to help keep you organized. 

otto-scheduled updates

Most important updates to PCI DSS V4

11.6.1:6.4.3: 

The first deadline is in 2024, but the hard deadline is effective March 31st, 2025. 

That may seem like a lot of time, but for acquiring banks, that's just around the corner. Now is a good time to start surveying your merchants for readiness. 

PCI DSS v4 introduces several new requirements and updates existing ones to help prevent client-side attacks such as Magecart. Here are a few examples:

  1. Secure design principles: PCI DSS v4 requires organizations to incorporate secure design principles when developing new applications or deploying new technologies, including client-side scripts. This ensures that security is built into the product from the beginning, rather than being added as an afterthought.

  2. Strengthened encryption requirements: The new version of PCI DSS emphasizes the importance of strong encryption to protect sensitive data. It requires organizations to use up-to-date encryption standards and technologies to secure data at rest and in transit.

  3. Enhanced testing and validation: PCI DSS v4 introduces new testing and validation requirements to ensure that client-side scripts and other applications are thoroughly tested before they are deployed. This includes testing for vulnerabilities and weaknesses that could be exploited by attackers.

  4. Increased focus on supply chain security: The new version of PCI DSS places a greater emphasis on supply chain security. It requires organizations to ensure that their third-party vendors and partners are also compliant with PCI DSS and are taking appropriate steps to protect sensitive data.

Overall, PCI DSS v4 aims to provide a more comprehensive and proactive approach to security, with a focus on risk management and continuous monitoring. By following these new regulations, organizations can better protect themselves against client-side attacks and other types of cyber threats.

 

Read more
otto-js compliance team
otto-js compliance team

Comments

Related posts

5 min reads: Important updates, tips and news to keep you in the know. Search