PCI Standards

Version 4 SAQs are Out – What’s New


It’s finally happened – on April 1st NZ time, PCI DSS v4.0 was released, and then on April 28th we saw the Self-Assessment Questionnaires released. In this post we cover at a high level what’s changed and what stays the same. What Stays the Same: The good thing about the SAQs is that the [...]

2022-05-06T09:37:01+13:00

Service Providers – What is Changing in PCI DSS v4.0?


Service providers have always had a slightly different focus in PCI DSS because as a service provider you have the ability to impact your customers’ PCI DSS compliance and overall security. Whether that’s through providing certain managed services like managed firewalls or data centres, your customers expect you to be able to demonstrate that [...]

2022-05-06T09:21:15+13:00

Rapid Requirements: Responsibility Matrix


Supporting Your Customers: As a service provider, your customers are always looking for more information about which requirements they are responsible for and which ones you're responsible for. Some service providers have provided responsibility matrix documents, others have provided their AoC, others have provided other documents. But in v4.0, there's a new requirement [...]

2022-04-14T17:43:11+13:00

PCI v4.0 by the Numbers


What's New in Version 4? There are a lot of new things in version 4. In fact, there are 64 new requirements that you might be looking at by 31 March 2025. New Requirements for Merchants; New Requirements for Service Providers; New Requirements Applicable When You Use v4 (by March 2024); New Requirements [...]

2022-04-14T17:41:53+13:00

Rapid Requirements: Let’s Define “Periodic”


How Often is Periodic: The term "periodic" is not new to PCI DSS. But in Version 4, we see a new approach that wraps more governance around the meaning of periodic in Section 7 of PCI DSS V4.0. Periodic becomes a measure that is unique to every organisation. Governance plays a big role [...]

2022-04-14T17:45:10+13:00

Rapid Requirements: Password Changes in Version 4.0!


Let's Talk About Passwords: If there's one thing that we know people have been waiting for, it's finding out whether PCI DSS would finally modernise password requirements. We are so excited to finally be able to tell you what's coming up in the Version 4 changes for passwords (in fact, some of these [...]

2022-04-14T17:43:56+13:00

Rapid Requirements: When You Miss a Requirement


Missed a Requirement? A new way that we see reporting changing in v4.0 is that it brings in a new process for when you miss a requirement and how it could still be considered as meeting your compliance requirements. It's not a "get out of jail free" card, and it's not an excuse [...]

2022-04-14T17:44:56+13:00

Version 4 – It’s Actually Coming Soon!


We've been mentioning it for years now, but in some exciting PCI DSS news, Version 4.0 is actually coming soon. On 22 January 2022, the PCI SSC released the stakeholder preview of version 4.0. And while we are still under an NDA and can't talk about it, we're excited to say that we're [...]

2022-01-25T10:15:44+13:00

PCI DSS Version 4 – When’s It Coming?


Probably one of the most frequent questions we get at the moment is around when Version 4 of the PCI DSS will be released. It's the question that's on everyone's mind because a new version of the Standard usually means changes to the requirements that people need to address. While there's not a lot that [...]

2021-03-01T15:53:57+13:00

What Are My Reporting Requirements?


Caveat: This isn’t a post about which Self-Assessment Questionnaire (SAQ) you should use. You can confirm that by speaking with your acquiring bank. Confide can assist in these conversations and give our opinion on what SAQ we believe is correct, but your acquiring bank will make the final decision. There are a lot of acronyms [...]

2020-03-19T11:14:42+13:00