The Payment Card Industry Security Standards Council (PCI SSC) has released the latest version of the PCI Data Security Standards, PCI DSS v4.0. Details about the transition plans for Merchants using the NCR Payment Solutions PCI Apply validation portal will be forthcoming as we work with vendor Aperia on PCI DSS v.4.0 migration planning. In the meantime, it is suggested that you become familiar with the changes.

Important Dates:

• The current PCI DSS v3.2.1 standard will be retired on March 31st, 2024, and replaced by PCI DSS v4.0.
• While the PCI DSS v.4.0 will only be accepted after March 31st, 2024, many of the newly added requirements of PCI DSS v4.0 are best practices until March 31st, 2025.
• Merchants can continue to submit version 3.2.1 of the Self-Assessment Questionnaires (SAQ) until retired. However, depending on the size and complexity of your environment, it may take considerable effort to implement some of these new requirements. It is recommended that merchants begin now to become familiar and compliant with the new changes and requirements listed in PCI DSS v4.0.

What’s Changing:

PCI DSS v.4.0 has significant changes to the standards and Self-Assessment Questionnaire (SAQ) format. The PCI SSC has released the SAQ Instructions and Guidelines document to assist with understanding the changes.

• There are several future-dated requirements merchants will need to address before March 31st, 2025.
• Several existing PCI requirements were added to the individual SAQs not included under v3.2.1. These changes are not future-dated and must be in place when performing an SAQ v4.0 assessment of the merchant environment.

Resources:

The PCI SSC website www.pcissc.org has additional information to assist merchants with the PCI DSS v 4.0 changes. Some commonly used and helpful documents are:

• PCI SSC Document Library
• PCI SSC, PCI DSS v4.0 Resources Hub
• PCI DSS v4.0 Quick Reference Guide

If you have any questions, please contact your account manager, customer service or Aperia.