Compliance doesn’t always translate into effective payment card security. The need to meet data privacy regulatory requirements is big driver for security spending, but too often organizations struggle to maintain protections during the interim periods between Payment Card Industry Data Security Standard (PCI DSS) audits. This lack of consistent enforcement leaves organizations that handle sensitive financial information vulnerable to breaches.
To address this, industry leaders have been an active education campaign to outline how important instituting compliance measures continuously is to the security posture of an enterprise. To further help organizations establish security controls and best practices that are a good fit for their environment, the Payment Card Industry Security Standards Council introduced PCI DSS 4.0 in March 2022. PCI DSS 4.0 allows enterprises two optional models to deploy and validate PCI DSS controls. Organizations now have the option to implement either a defined approach that follows the directives of the standard or a customized that meets the requirements in a way that diverges from the way the controls are outlined in the specification.
A customized approach to payment card security
In the customized approach, the enterprise will need to demonstrate iron-clad security processes and effective risk management practices through design, documentation, and testing. To achieve a strong security posture, whether the enterprise uses a defined or customized approach to PCI security, they will need to maintain controls always, not just in preparation for an assessment.
There are some indications that organizations are getting the message about consistent enforcement of PCI protection measures even in advance of the new PCI version’s debut. In its Payment Security Report issued earlier this month, Verizon cited progress in consistency and closing control gaps. Based on data collected from both Verizon and external PCI security assessors in 2020, 43% achieved full compliance versus 30% in 2019. While the progress is notable, it still underscores that more than half of the assessed failed interim audits. There is clearly more work to be done.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData