PCI DSS 4.0 Timeline: The Eleventh Requirement and System Testing

PCI DSS 4.0 featured

System security is one task of many in organizations focused on compliance, one that requires continuous monitoring and diligence to ensure its success. One of the more critical aspects of compliance requirements like PCI DSS 4.0 is ongoing testing of system and network components. 

What does that process look like for companies in the payment industry? It involves a combination of active and passive testing methods to document and follow up on unauthorized changes. 

 

Read More

Timeline for PCI DSS 4.0: The Ninth Requirement and Physical Access Security

pci dss 4.0 featured

When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic.

This article will discuss this requirement and exactly what it means to approach the physical security of systems containing cardholder data in compliance with PCI DSS.

 

Read More

Timeline for PCI DSS 4.0: The Eighth Requirement and Strong Authentication

pci dss 4.0 featured

Moving through the requirements of PCI DSS 4.0, we’re well over halfway through. During this journey, we’ve touched on cryptography, security and perimeter management, network security, authorization, and other critical security considerations. Now, we come up against the authentication and identity management problem with the eighth requirement. 

Authentication isn’t simply about passwords and CAPTCHAs, however. Regarding payment processing and protecting cardholder data, retailers and processors are expected to implement strong and effective authentication at the point of purchase and in any system that holds PAN information. 

 

Read More