The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that provides a baseline of technical and operational requirements designed to protect payment data and reduce credit card fraud. PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
The new version of the standard was released on March 31, 2022. Changes from the previous version 3.2.1 include:
Details about the updates can be found in the PCI DSS v4.0 Summary of Changes document on the PCI SSC website.
Thales can help organizations working with cardholder data achieve compliance with several PCI DSS 4.0 requirements, including:
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. The 12 principal requirements represent 6 overarching principles.
PCI DSS v3.2.1 will remain active for two years after v4.0 is published. This provides organizations time to become familiar with the new version, and plan for and implement the changes needed. The implementation timeline is shown in the image below.
[Figure 1: PCI DSS 4.0 Implementation Timeline. Source: PCI SSC]
Drawing on decades of experience helping banks and financial institutions comply with industry mandates, Thales offers integrated products and services that enable your organization to protect stored cardholder data, encrypt it for transfer, and restrict access on a need-to-know basis. In addition, Thales works closely with partners to offer comprehensive solutions that can reduce the scope of your PCI DSS compliance burden.
Thales offers comprehensive PCI DSS compliance software solutions that help organizations address the core principles of PCI DSS: