Navigate payment card industry (PCI) data security standard 4.0 requirements

With the release of PCI data security standard (DSS) 4.0, merchants should be aware of an updated compliance approach to avoid consequences of noncompliance, potential costs, and to prevent possible security breaches and user payment card data compromises.

This framework is designed to safeguard the personal payment data of customers when it’s stored, processed, and transmitted by the companies with whom they do business.

Below, learn more about:

• Who’s affected
• PCI DSS background
• Consequences of PCI DSS noncompliance
• When is the PCI DSS 4.0 release date?
• Updated PCI DSS compliance approaches
• Clarified existing and added requirements
• Next steps

Who’s affected?

Merchants and service providers who accept payment cards from Visa, Mastercard, Discover, American Express, and Japan Credit Bureau (JCB) must comply with the PCI DSS.

Some organizations that can affect the security of payment card data, such as merchants who take payments through iframe or direct posts, might be required to adhere to the PCI DSS.

Following is an overview of PCI DSS, the updated compliance approach, and new requirements.

PCI DSS background

In 1999, Visa introduced Cardholder Information Security Program (CISP) and implemented it in 2001 to protect cardholder data.