PCI DSS 4.0 Payment credit card industry Data security standards Certification Singapore, Manila
GQS Launches PCI DSS 4.0 consultancy support for compliance audits in Singapore, Philippines, Indonesia, Thailand, Japan, Malaysia.
Need to be more technologically agnostic ?
In today’s Cybersecurity threat landscape, there are multiple updated requirements that will help you to come out of the security loopholes and focus on ZERO trust architecture. The new version of PCI DSS and the main aim is to represent ways to protect the data is the answer for the payment card industry.
What does it concentrate?
PCI DSS is the PCI data security standard and it was initially established in the year 2004. Starting from version 1 (v1), there are so many versions upto version 4 (v4) and these are maintained by the PCI security standards council. If you are in need to protect your cardholder data with both operational and technical requirements, then you can go for the PCI DSS standard 4.0 version.
Goals:
For all the payment industry security needs, the PCI DSS 4.0 standards are entitled to promote security in a continuous process. This will add flexibility to the security patterns in different methodologies and hence the method of validation will be improved greatly.
To note:
It is to note that the PCI DSS version 4 are noted in the best practice and the organizations must validate against those provided dates and once it reaches the date, they will become the most important one.
Now if you complete your training in the PCI DSS v4.0, then the corresponding entities must assess either PCI DSS v4.0 or the PCI DSS v3.2.1.
Your benefits into this transition:
You can meet all the security needs for your payment industry and also this will be mapped as the security threats changes. In this new version, the included features are
§ Multi-factor authentication (MFA) requirements
§ Password requirements are updated as per the current industry standards
§ To address each and every new threat, exciting e-commerce and phishing standards are evolved
§ Updated the sensitive authentication data (SAD) secure handling
§ Provided higher insight for the vulnerability landscape
What you need to remember ?
There will be an official release date for the PCI DSS v4.0 with the required validation documents. Then, there will be some training and supporting documents for that release. After this process, the PCI DSS v3.2.1will be retired and once the older ones are expired, the new requirements will come into effective.
And people, what else is needed for your industry if security is made as a continuous process !
Since, it is crucial to protect the payment data there are clearly assigned goals and responsibilities on each of the requirement. The new update also mentions that the PCI scope of entity must be documented and confirmed by them annually. They can also refer to the early sections of the ROC template.
Modern technologies !
Yes! There is a firewall and now called the national security standards (NSC’s), that are imparted in all the wireless networks and the CDE as a part of data protection method. Also, in addition, there will be limited exposure to the group or the shared accounts.
And the most important thing is that, a 90-day password change requirement is brought as a result of analysing the real-time access to the resources. This requirement will also be limited if any additional MFA requirements are brought into the picture.
Make this into effective with the Global Quality Services and you can drastically meet the intent of the requirements.
Cebu, Clark, Pampanga, Hermosa Eco Industrial Park, Light Industry Science Park, Bacolod City, Sta. Rosa Laguna, Davao, Aurora Pacific Economic Zone, Authority of the Freeport Area of Bataan, Cagayan Special Economic Zone, Baguio City Economic Zone, Cavite Economic Zone, First Philippine Industrial Park, Hacienda Luisita, Kananga Special Economic Zone, Lima Technology Center, Silangan Industrial Park, Subic Special and Economic Zone, Tablas Economic Zone, Zamboanga City Economic Zone
