So, what are the main takeaways from version four? There will definitely be new challenges to deal with, such as keeping abreast of the threat landscape and understanding new technologies, particularly around mobile devices and data management, and how they can benefit the organization. We need to make sure that we evolve the compliance program to accommodate the changes in the DSS, while also making sure that we have a very integrated, holistic and straightforward approach to managing compliance, because it really doesn’t need to be complicated!
Version four will also bring new opportunities. There will be increased awareness, particularly of cardholder data risks, and there’s the opportunity to gain a better understanding of our business operations. It’s important to make sure that the operational, tactical and strategic objectives are more closely aligned and that we’re all moving in the same direction. If we can achieve that, we will have a much more efficient approach to executing business processes. In addition, leveraging automation and continuous control monitoring will reduce the need for human intervention in some areas. That creates efficiencies in itself, but it will also ensure that our security controls are embedded and that we form a more effective business culture.
There’s a lot to consider here, but don’t forget that PCI DSS version four will come with a transition period during which organizations can continue with the program they already have, remain compliant with it, and still be assessed against it.
To find out more about PCI DSS v4.0, how it may benefit, and hinder, your organization and how you can best prepare, catch the full presentation here.