It’s finally happened – on April 1st NZ time, PCI DSS v4.0 was released, and then on April 28th we saw the Self-Assessment Questionaries released. In this post we cover at a high level what’s changed and what stays the same. What Stays the Same The good thing about the SAQs is that the [...]
Service providers have always had a slightly different focus in PCI DSS because as a service provider you have the ability to impact your customers’ PCI DSS compliance and overall security. Whether that’s through providing certain managed services like managed firewalls or data centres, your customers expect you to be able to demonstrate that [...]
Supporting Your Customers As a service provider, your customers are always looking for more information about which requirements they are responsible for and which ones you're responsible for. Some service providers have provided responsibility matrix documents, others have provided their AoC, others have provided other documents. But in v4.0, there's a new requirement [...]
What's New in Version 4? There's a lot of new things in version 4. In fact, there are 64 new requirements that you might be looking at by 31 March 2025. New Requirements for Merchants New Requirements for Service Providers New Requirements Applicable When You Use v4 (by March 2024) New Requirements [...]
How Often is Periodic The term "periodic" is not new to PCI DSS. But in Version 4, we see a new approach that wraps more governance around the meaning of periodic in Section 7 of PCI DSS V4.0. Periodic becomes a measure that is unique to every organisation. Governance plays a big role [...]
Let's Talk About Passwords If there's one thing that we know people have been waiting for, it's finding out whether PCI DSS would finally modernise password requirements. We are so excited to finally be able to tell you what's coming up in the Version 4 changes for passwords (in fact, some of these [...]
Missed a Requirement? A new way that we see reporting changing in v4.0 is that it brings in a new process for when you miss a requirement and how it could still be considered as meeting your compliance requirements. It's not a "get out of jail free" card, and it's not an excuse [...]
We've been mentioning it for years now, but in some exciting PCI DSS news, Version 4.0 is actually coming soon. On 22 January 2022, the PCI SSC released the stakeholder preview of version 4.0. And while we are still under an NDA and can't talk about it, we're excited to say that we're [...]
Probably one of the most frequent questions we get at the moment is around when Version 4 of the PCI DSS will be released. It's the question that's on everyone's mind because a new version of the Standard usually means changes to the requirements that people need to address.While there's not a lot that [...]
Caveat: This isn’t a post about which Self-Assessment Questionnaire SAQ you should use. You can confirm that by speaking with your acquiring bank. Confide can assist in these conversations and give our opinion on what SAQ we believe is correct, but your acquiring bank will make the final decision. There are a lot of acronyms [...]
