The PCI Security Standards Council (PCI SSC) issued version 4.0 of the PCI Data Security Standard (PCI DSS) on March 31, 2022. This global standard establishes a baseline of technical and operational requirements for protecting account data – but where are we at with the migration?
Given the level of strategic importance that payments play in both economies and at an enterprise level, businesses are continuously adapting their payments stacks to keep pace with evolving customer needs and expectations.
The pace of change creates bountiful opportunity for cybercriminals to exploit emerging points of vulnerability and capture critical customer data.
Maintaining a resilient cybersecurity posture in this environment is a constant battle for chief information security officers (CISOs).
For nearly two decades, enterprises and their payments partners have turned to the Payment Card Industry Data Security Standard (PCI DSS) for guidelines on how to mitigate payment data risks.
These guidelines have evolved with the industry, introducing new requirements to help businesses ward off emerging payment data threats.
The latest iteration, PCI DSS 4.0, introduces significant changes that enterprises must adapt to before the March 2025 deadline.
While PCI DSS 4.0 presents an array of operational and resource hurdles for enterprises, there are clear benefits for the industry.
Those that approach it with a strategic mindset stand to differentiate themselves in the marketplace and deliver a superior customer experience.
A new report, The State of Enterprise Readiness for PCI DSS 4.0, looks into the state of readiness for the update.
Backed by data from payment data security professionals at enterprises across nearly a dozen industry verticals, the report provides a view into the current state of payment data security and establishes a baseline for PCI DSS 4.0 readiness.
Key findings
Payment data security concerns are widespread and significant. 94% of respondents have significant or very significant concerns pertaining to payment data security, and only 21% say they are very confident in their ability to protect customer data today.
PCI DSS 4.0 necessitates a significant lift, and meeting the deadline is a growing concern. 93% of respondents indicate the changes required by PCI DSS 4.0 are significant. Further, 90% are concerned about meeting the timeline, and 64% say they would be likely or very likely to accept a timeline extension.
Education and execution remain low. Fewer than a third (31%) of surveyed payment data security professionals have a strong understanding of all requirements associated with change, and nearly half (49%) indicate their organizations have yet to begin executing on PCI DSS 4.0 changes.
Despite the challenges, enterprises overwhelmingly view PCI DSS 4.0 in a positive light. Four in five respondents (80%) agree or strongly agree that PCI DSS 4.0 is fair, necessary and for the betterment of the industry and consumers.
Partnerships will play a critical role. 86% of respondents indicate their organization will solely or mostly rely on third-party vendors for compliance in some capacity.