At the 2019 Payment Card Industry North American Community Meeting in Vancouver, Canada, the topic that garnered the most conversation among the 1500+ attendees was, of course, the Council’s preview of the long-anticipated Payment Card Industry Data Security Standards version 4.0 (PCI DSS v.4.0).
PCI DSS v.4.0 is the next major evolution of the 15-year old PCI DSS framework. The last significant revision of the PCI DSS (PCI DSS version 3.0) occurred in 2013. Since that time, there have been three minor revisions, resulting in the current version 3.2.1. Emma Sutcliffe, Senior Director, Global Head of Standards from the PCI Security Standards Council, opened her session by announcing, “there are going to be a lot of changes upcoming in 4.0.”
While the RFC version of PCI DSS v.4.0 has not yet been released as of this writing, LBMC was able to capture several insights from the Council’s preview of the upcoming PCI DSS v.4.0 that may be of interest to PCI merchants and service providers. Those details are shared below, as well as additional information about the RFC process and how you can be involved.