15 min

The Clock Is Ticking on PCI DSS 4.0 Compliance: Is Your Business Ready? The PaymentsJournal Podcast


Now that the Payment Card Industry Data Security Standard 4.0 has gone into effect, merchants have a year to conform to the 63 new or updated requirements. With many moving parts to the standard, some businesses may struggle to understand their compliance obligations. Simultaneously, they also don’t want to risk creating friction in the customer experience as they introduce the new security measures.







In a recent PaymentsJournal podcast, Sukanya Madhavan, Payments Chief Product and Technology Officer at CSG Forte, and Don Apgar, Director of Merchants Payment Practice for Javelin Strategy & Research, discussed the new rules. They examined the implications of the change and mapped out steps business owners can take to ease the shift to the new standard.










Evergreen and Ongoing







One of the main things to know about PCI compliance is that it’s an evergreen and ongoing process. The purpose of the compliance program is to build a safety net for consumers to make sure they’re protected against bad actors. It also streamlines merchants’ card payments operations.







“The program is designed to ensure that customers have peace of mind when they provide their data to us,” Madhavan said. “It should be considered a continuous improvement process, where businesses look for innovative ways to solve the evolving challenges.”







In response to ongoing data breaches, the PCI standard mandates that merchants conduct quarterly internal and external vulnerability scans (Requirement 11.3; the external scans must be run by a PCI SSC Approved Scanning Vendor, or ASV, and repeated after remediation until a passing result is obtained). Because the scan output is technical, it’s critical to have someone who knows the in-scope systems review and triage the findings rather than simply filing the report.







If merchants need help, Qualified Security Assessors (QSAs) and payments processors can give guidance. Often, the issues turn out to be basic security weaknesses involving passwords, such as shared accounts or passwords that aren’t strong enough. There is help, however, if the issue is more complex.







“Merchants should know they can reach out to their processors, and there is a whole network of support,” Madhavan said. “It’s a partnership between the processor and the merchant to ensure that they are jointly taking care of the consumers’ data. Some processors have gone so far as to create instructional webinars, and there’s even a hotline.”







Not a Burden







Maintaining PCI compliance isn’t just about protecting customers.
