On 31 March 2022, the Payment Card Industry Security Standards Council (PCI SSC) released version 4.0 of the PCI Data Security Standard (PCI DSS), a global standard which establishes a baseline of technical and operational requirements for protecting payment card information. In URM’s April 2022 webinar, URM provided an overview of the new Standard, which is being updated to address evolving risks and changes in the security landscape, reinforce security as a continuous process and support the use of different security technologies.
In this follow-up webinar, URM’s QSAs will be homing in on some of the brand-new requirements that have not featured in previous versions of the PCI DSS, explaining what the objectives of these requirements are and how best to meet them.
Examples of some of the new requirements we will be exploring include the need to:
- Deploy automated anti-phishing software
- Authorise, integrity check and justify all web payment page scripts
- Force password changes or implement a zero-trust system with single-factor authentication accounts.
With the release of updated self-assessment questionnaires (SAQs) for v4.0, we will guide you through the key changes and which SAQs have had brand-new requirements added. To illustrate the level of changes, one of the most straightforward questionnaires, SAQ-A, has been expanded from 21 to 29 requirements. It now includes aspects such as the need to authorise, check, and justify payment page scripts and forced password changes for single-factor accounts, among others.
As with all URM webinars, you will also have the opportunity to ask any specific questions you may have around new requirements being introduced by v4.0 of the Standard.