Hot, hot, hot . . . Hot Topic! (PCI version 4)

If you read the title of this blog to the cadence of the hot chocolate song from The Polar Express, well done – you win!  I have no idea what you won, so let’s just call it bragging rights.  Ok, enough of me and my strange sense of things, let’s get on to the actual “Hot Topic”, PCI DSS v4.  For those wondering, “What does that actually mean?”, well – Payment Card Industry Data Security Standard version 4.  Now you can go out and impress your friends with that bit of trivia.  Ok, back on topic.  The most talked about subject in the realm of IT security assurance is the upcoming release of the new payment card security standard.

Should I be panicking and becoming a cash only business?

ABSOLUTELY – not!  The current economic structure makes it almost impossible to run a business and generate revenue sufficient to pay your expenses in a timely manner without accepting credit card transactions.  The ability to barter and trade for goods and services is an art that has been lost to the ages.  Even mom and pop businesses (what we used to call small, individually owned family businesses) are able to accept card payments with little effort on their part, thanks to the likes of Square and PayPal acting as processing partners.  So the short answer is – No, don’t panic or worry.  We will get through this together.

What is THE biggest change coming from version 4?

This is a complicated answer.  A lot has changed, and what is the biggest change for one entity may have little to no impact on others.  Overall, if I had to list what I believe to be the most impactful changes within PCI v4 compared to the current version (3.2.1), it would be one or both of the following:

  1. A focus on ownership and accountability.  Each of the 12 sections of requirements within the DSS has always started off with “what is the policy/standard used to govern this area, and does it do so in a PCI compliant manner?”  This hasn’t changed, but a sub-requirement has been added to also specify who owns these processes and standards: who is the member of management responsible for controlling the requirements in each section, and who is the person responsible for making certain the daily requirements are followed.  For those companies that have focused on strong governance to build a robust security culture, this will most likely already be documented.  For those companies that treat IT security as something the “IT people handle”, this will be a cultural shift.  The days of IT security and security assurance being run out of that dark closet in the basement by lads named Roy and Moss are coming to an end.  The threat landscape continues to evolve faster than the defensive posture of most companies, and we are well past the time when a secure culture should be prioritized in most, if not all, companies.
  2. Management of the assurance process.  What does this mean exactly?  Well, it means that if you are reading the DSS and it says you must have “insert requirement here” to be compliant, but you think you have a better way that provides more security and functionality for your specific environment – you can now do it your way.  HOWEVER, before you run down this rabbit hole you need to be very mindful of what it truly entails.  The introduction of the “customized approach” at first glance looks like an invitation to ignore the security standards and just do things your way.  To quote a great general of my time, “It’s a trap.”  Now, I’m not saying the council is setting you up for failure with this; what I mean is that this line of thought is the trap.  The amount of work needed to use the customized approach is significantly higher than the standard way of achieving compliance.  For EACH requirement that you wish to meet with the customized approach, you must perform a validated targeted risk assessment (on top of the one already required; each one is specific to the individual requirement and must be done prior to the start of the assessment).

There are some other changes, some of them significant, but these are the ones that I feel are the most widespread.  We will talk about the other changes coming with version 4 via future blogs and podcasts, so don’t worry.  We will cover it all.

Ok, so break it all down for me.  How do I prepare for v4?

The initial steps are like those for any other issue or change in the environment.  Educate yourself.  Seek out blogs on topics you feel need improvement.  Read other posts; find podcasts, videos, and articles.  The council website (https://www.pcisecuritystandards.org/document_library/) has a lot of great information.  Once you feel you have a decent understanding of the v4 requirements, start looking over your environment to see how they impact your day-to-day operations.  When you identify areas that are lacking, create a workstream for a project.  Some of these will be for upgrades to processes, etc., others will be for the customized approach (and, unfortunately, some will be for compensating controls).

If this sounds like a large amount of work, then that is good.  Take PCI seriously and do the work thoroughly.  Remember, the goal is NOT to be PCI compliant but rather to be as secure as possible, with PCI compliance being one of the KPIs showing that you are achieving your goals.

Conclusion

I know we only scratched the surface on PCI DSS v4, but to discuss it all would require me to write you a book (you are welcome to print out the blogs on the topic and put them in a folder if that is what you desire – I will be truly flattered).  If you feel as though the change is too much, we understand.  Those of us here at TBF work in IT security assurance, governance, and data privacy full time, and it is a lot for us to take in as well, so know that you are not alone in that feeling.  However, it is manageable with the proper processes and planning in place.  There are also other consultants out there who can help you (and will do so gladly).

Find someone that you trust and who will take the time to get to know you, your environment, and your company’s threat appetite to work with you on the preparation and transition over to v4.  You have all of 2023 to get the work done, so while there isn’t time to waste, you have time to plan and take action.

As always, if you have any questions reach out to us via social media or our contact information listed on the website.

Thanks for reading.  Talk to you soon!

Shawn Adams – @TBF_shawn (twitter)
