What is PCI DSS?

Lee Dugdale • February 27, 2024

Is your company handling credit card data? 


Are you up to date with the latest compliance rules for PCI DSS 4.0? 


You have until 1st April 2024 to fully comply with these new standards. 

What is PCI DSS? 
The Payment Card Industry Data Security Standard (PCI DSS) ensures that payment card fraud is kept to a minimum and that payment card data is secure. It focuses on the handling and security of payment card information & protecting cardholders against misuse of their personal data If you're accepting, storing, transmitting, or processing cardholder data, you must follow the PCI Security Standards Council rules. Non-compliance can lead to heavy fines, transaction restrictions and permanent expulsion from payment card acceptance programmes. 

 


What are the critical changes in version 4? 


Customised Implementation Approach


Organisations now have the freedom to choose how they implement technology for compliance. Custom implementation allows companies to create plans to meet the rules in a way that suits their needs, which is particularly beneficial for larger companies with robust in-house compliance strategies. 


 Increased Focus on Vulnerability Management


Version 4 mandates addressing all vulnerabilities, regardless of severity level, prioritising the most critical. This shift recognises that any vulnerability, when exploited, can potentially lead to a data breach impacting cardholder data. 


Malware and Phishing Controls


While not a new standard, PCI DSS version 4 requires scanning all removable media devices with malware detection software to mitigate the threat of cyberattacks. This includes USBs and external hard drives, emphasising the need to overcome isolation strategies like air gaps. 


Improved Cybersecurity Awareness Training


Version 4 specifies more defined requirements for staff training. Staff must undergo training at least every 12 months, with the material reviewed annually to reflect the latest threat landscape developments. Topics include social engineering and phishing attacks. 


More Secure User Authentication
 

PCI DSS 4.0 introduces a new access control requirement, mandating Multi-Factor Authentication (MFA) for securing access to Cardholder Data Environments (CDE). This helps minimise the risk of account data compromise, aligning with the regulation's expectations for social engineering training. 


 


Additionally, PCI DSS 4.0 introduces 60 new requirements, including: 


- Keeping an inventory of all cryptography. 


- Mitigating eCommerce skimming attacks. 


- Implementing automated access log reviews. 



It's crucial for businesses processing credit card data to familiarise themselves with these changes and ensure full compliance by the specified deadline to maintain a secure payment processing environment. 


 

How can 1-Fix Limited help? 
 

We have created a useful compliance checklist for you to use to determine any gaps your organisation may have. You can view and download the free checklist here.


You can also arrange a call with us to identify gaps and how we can assist you to become compliant. We offer a PCI DSS course through our approved training partner to cover all aspects of compliance and staff training. 

Join Our Mailing List

All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.

IT Support Services
Cybersecurity Deep-Dive
IT Cloud Migration Service

Recent Blogs

Cyber Essentials Logo on a dark background
By Craig Atkins April 17, 2025
Cyber Essentials 101: what every business needs to know. Thursday 8th May, 2pm
The words 'Comms Business Awards' in large letters with blue and black background
By Jess Dugdale April 16, 2025
We’re absolutely delighted to share that our Client Manager, Lee , has been shortlisted for the Hidden Hero Award at the Comms Business Awards – and we couldn’t be prouder!
Photo of the 1-Fix team stood in a line smiling at the camera
By Jess Dugdale April 8, 2025
We've moved! 1-Fix is now based in Bracknell, Berkshire - Your trusted IT support partner in the Thames Valley
Image of a gravestone with the writing 'Windows 10 2015-2025'
By Craig Atkins April 1, 2025
As we approach October 2025, the end of life for Windows 10 is just around the corner. For many businesses, this coincides with the start of a new budget cycle in April, making it the perfect time to consider upgrading to Windows 11. In this blog post, we'll explore the benefits of making the switch early and how it can positively impact your business.
By Craig Atkins February 25, 2025
Multi-Factor Authentication (also known as 2-Factor authentication, 2FA and MFA) has become a widely adopted seucirty measure to protect business' data. However, it's becoming more apparent just how easy it may be for hackers to get around it.
Image of a keyboard with a padlock on top
By Lee Dugdale-Shutts February 10, 2025
Data loss can occur due to various reasons, including hardware failures, cyberattacks, natural disasters, and human error. To protect your business from these risks, it's crucial to implement a strong data backup and security strategy.
Show More