PCI DSS 4.0: Will You Be Ready?

Steve Gilde March 19, 2024
PCI Security

It should come as no surprise that the PCI Security Standards Council's new standard, PCI DSS 4.0, goes into effect on April 1, 2024 (no fooling). The updated standard has been redesigned to keep pace with the recent changes across the industry, both in terms of advancements in technology and in the volume and sophistication of the security threats we face.

The new standard has been introduced with the following goals in mind:

  • Ensure the standard continues to meet the security needs of the payment card industry.
  • Add flexibility and support additional methodologies to improve security.
  • Promote security as a continuous process.
  • Enhance validation methods and procedures.

It is important to note that PCI DSS 4.0 is not just another regulatory update; it's a comprehensive overhaul designed to fortify the payment industry's defenses in a rapidly changing digital landscape. By embracing these changes proactively, your organization can ensure not only compliance, but also a stronger security posture that protects your customers and your reputation.

It’s Your Money

According to the Nilson Report (December 2023), global payment card fraud losses exceeded $33 billion in 2022. So the PCI changes address several key areas to help fight fraud:

Authentication requirements: This includes broadening the required use of multi-factor authentication (MFA), increasing the minimum password length to 12 characters, and extending the scope of the standard to cover mobile, the Internet of Things and the cloud.

A crackdown on phishing: To comply with the Standard, organizations in the payments industry will be required to implement automated email security software that can locate and block phishing emails, and security awareness training moves from a best practice to a requirement.

E-commerce security: Companies will be required to conduct weekly checks to ensure that there are no third-party scripts or malicious code in their software to better secure the e-commerce environment.
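As an added illustration of the weekly script check described above (example code, not Paragon's or the PCI Council's), the Python below inventories the script elements on a payment page and compares them with an approved baseline, reporting any script that is not on the approved list, any approved script that has disappeared, any change to a Subresource Integrity (SRI) hash, and any external script loaded without one. The page snapshots, URLs and SRI values are constructed for the example.

```python
"""Weekly payment-page script check (added example, not the article's own code).

Builds an inventory of <script> elements on a payment page, compares it with an
approved baseline inventory, and reports anything unauthorized or altered.
"""
import hashlib
from html.parser import HTMLParser


class ScriptExtractor(HTMLParser):
    """Collects every <script> element: its src/integrity attributes or its inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []        # one dict per <script>: {"src", "integrity", "body"}
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"), "body": ""})
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser delivers <script> content through handle_data, possibly in chunks.
        if self._in_script:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False


def sha256(text):
    """SHA-256 of a script body with surrounding whitespace stripped."""
    return hashlib.sha256(text.strip().encode("utf-8")).hexdigest()


def inventory(html):
    """Map each script to a stable identity.

    External scripts are keyed by URL and carry their SRI integrity value (or "").
    Inline scripts are keyed by the SHA-256 of their body, so an edited inline
    script shows up as one unauthorized script plus one missing approved script.
    """
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    inv = {}
    for s in parser.scripts:
        if s["src"]:
            inv["external:" + s["src"]] = s["integrity"] or ""
        else:
            digest = sha256(s["body"])
            inv["inline:" + digest] = digest
    return inv


def check(baseline, current):
    """Compare the current inventory with the approved baseline; return a list of findings."""
    findings = []
    for key in sorted(current.keys() - baseline.keys()):
        kind = "external" if key.startswith("external:") else "inline"
        findings.append(f"unauthorized {kind} script: {key.split(':', 1)[1]}")
    for key in sorted(baseline.keys() - current.keys()):
        findings.append(f"approved script missing: {key.split(':', 1)[1]}")
    for key in sorted(current.keys() & baseline.keys()):
        if key.startswith("external:") and current[key] != baseline[key]:
            findings.append(f"SRI hash changed for: {key.split(':', 1)[1]}")
    for key in sorted(current):
        if key.startswith("external:") and not current[key]:
            findings.append(f"external script without SRI integrity attribute: {key.split(':', 1)[1]}")
    return findings


# Constructed snapshots (hypothetical hosts and SRI value) standing in for the
# approved baseline and for this week's fetched copy of the payment page.
BASELINE_HTML = """<html><body>
<script src="https://cdn.psp.example/checkout.js"
        integrity="sha384-EXAMPLEBASELINEHASH" crossorigin="anonymous"></script>
<script>window.checkoutConfig = {merchant: "M123"};</script>
</body></html>"""

CURRENT_HTML = """<html><body>
<script src="https://cdn.psp.example/checkout.js"
        integrity="sha384-EXAMPLEBASELINEHASH" crossorigin="anonymous"></script>
<script>window.checkoutConfig = {merchant: "M123"};</script>
<script src="https://static.unapproved.example/tracker.js"></script>
</body></html>"""


if __name__ == "__main__":
    for finding in check(inventory(BASELINE_HTML), inventory(CURRENT_HTML)):
        print("FINDING:", finding)
```

In practice the baseline would be generated from a reviewed, approved copy of the page and stored in version control alongside the written justification PCI DSS 4.0 expects for each script, and the check would run against the live page at least weekly, with any non-empty findings list raised as an alert to the team that owns the payment page.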

Other requirements will also address social engineering and other evolving attacks against payment applications, and organizations will be required to review and update their programs at least once every 12 months - with an emphasis on roles, responsibilities and documentation.

As we noted in our previous blog, PCI DSS 4.0 Changes: Is Your ATM Fleet Ready for 2024?, there are a number of hardware and encryption-related changes that have a significant impact on ATM deployers.

How Do You Roll With the Changes?

The PCI DSS 4.0 changes add even more complexity to an already very complex payment processing environment, making it more important than ever for financial services organizations to have efficient ATM testing systems in place.

We have written much about the advantages of virtualization and automation as they apply to both ATM testing tools and payment testing. From our perspective, there is no question that these technologies will improve the speed, accuracy and security of your testing operations – significantly reducing the effort required to maintain compliance with changing standards like PCI DSS 4.0.

Need help? Interested in learning more about how tools such as Paragon’s Web FASTest and VirtualATM solutions can help you meet the latest PCI DSS 4.0 requirements? Click on the link below and let’s schedule a time to talk.

Request a Consultation
