The payment industry has been anticipating drastic changes to its standards for several years now. These changes to the Payment Card Industry Data Security Standard (PCI DSS) are finally being implemented in the first half of 2022.
For retailers, such a change is an important development, though one that should be entirely handled by your credit card processing solution. Still, it’s a worthwhile development to stay aware of so that your business continues to be in full compliance with all modern regulations.
This post aims to cover what PCI compliance entails, what the PCI DSS v4.0 changes, and how your business must be prepared to receive the changes. We’ll largely avoid the technical details that your processing provider will handle, but we’ll point you in the direction of some additional resources on the matter.
What Is PCI Compliance?
For a full look at what PCI compliance is, check out our more extensive blog post on the topic.
The payment card industry implemented a set of consistent regulations in 2004 with the goal of protecting both merchants and consumers. In the end, it aims to prevent data theft and any form of payment fraud.
The standards have gone through numerous iterations. Prior to PCI DSS v4.0, version 3.2 replaced 3.1 in late 2016 and required all businesses to have fully implemented it by February 2018.
When Does PCI DSS v4.0 Go Into Effect?
In the works since late 2019, version 4.0 is getting rolled out in March/April of 2022, with training and implementation occurring in Q2 and Q3 of 2022.
All businesses will have a transition period in which to adopt the new version. v3.2 will remain in effect for 18 months following the release of v4.0. This allows merchant service providers the time to update their services and train their teams and, therefore, businesses time to become compliant with the new version.
There will be certain requirements within v4.0 that are “future-dated.” Such requirements will not be required immediately upon the retirement of v3.2, but will only be considered best practice. Such requirements won’t be confirmed until early 2025, at which time the implementation of v4.0 into the payment industry will be complete.
What Does PCI DSS v4.0 Change?
Like any of these PCI updates, v4.0 aims to provide greater security standards for both merchants and consumers. And while the core requirements are not expected to change, there are some new areas of focus that the security measures will tackle.
Protects against malware
Various forms of malware attacks have evolved in recent years and this portion of the change in compliance aims to address these. Rather than create an environment where businesses can pass periodic tests of compliance, the industry hopes to make PCI DSS an ongoing process with more data checkpoints and standards.
Stricter security requirements
Each business now faces greater requirements for security procedures and measures. Again, your credit card processor will be responsible for such protections. Ultimately, however, the burden of responsibility will fall on the business so it’s important to ensure that adequate steps are taken.
Multi-factor authentication
Security features across the board are adding two or even three-step authentication for access to secure information. v4.0 does the same for the payment industry. Such security measures will be applied to all touchpoints, including database access as well as customer transactional authentication.
Encryption
Another commonly used modern security feature, PCI DSS v4.0 will accelerate encryption standards in an effort to prevent data theft and malware.
How Can Your Business Prepare for PCI DSS v4.0?
Simply put, talk to your credit card processing provider. Though the burden of responsibility falls on the business, it’s the job of your merchant service provider to ensure full PCI compliance. After all, this is exactly what you pay a percentage of each transaction for.
If you’re a current KORONA POS user, we can help get you in touch with your provider. And if you’re thinking about making the switch to KORONA POS, reach out to us and we’ll set you up with some processing options. We give each of our users the opportunity to work with whichever processor they best see fit. Click below to get started.