May 9, 2022 • Issue 22:05:01
Payment standards: more talk, more action

By Dale S. Laszig

The payments journey is a story of discovery, innovation and progress. For individual agents, ISOs, processors and security providers, the journey has not always been smooth; close encounters with bad actors led to stricter measures designed to mitigate risk and protect against threats. Through the years, these remedial approaches to security have evolved from recommended best practices to richly interactive discussions among all industry stakeholders.

As payments experts have noted, global standard bodies constantly pivot in response to emerging technologies and changing consumer and merchant behaviors. With each new payment solution, experts find ways to leverage the technology itself to protect it from harm. In this story, The Green Sheet interviews payments industry standard bearers, experts and architects who work across regions, industries and disciplines to shape secure commerce.

PCI DSS v4.0

Emma Sutcliffe, senior vice president, standards officer at the PCI Security Standards Council (PCI SSC), recalled a vibrant discussion period in the months leading to the official release of PCI DSS version 4.0.

"What made the feedback so valuable is that it represented a broad range of our industry and covered a lot of different types of organizations: merchant companies, financial institutions, acquiring organizations, service providers and vendors," she said. "The feedback came in from North America, Canada, Central America region and also Europe and Asia Pacific."

Sutcliffe said the council was pleased by the volume and diversity of commentary. She added that Lauren Holloway, director of data security standards at the PCI SSC, and their team read every piece of feedback—all 7,000 submissions—during the PCI DSS v4.0 Request for Comment period.

"PCI DSS Requirement 8, which concerns multifactor authentication (MFA), passwords and authentication systems, received the most comments," Sutcliffe said. Questions included where to apply MFA, what combination of letters and numerals constitute strong passwords, how frequently passwords need to be updated and how authentication requirements are evolving in alignment with other robust industry standards.

Flexible guidelines, two-year timeline

Sutcliffe pointed out that PCI DSS v4.0 gives qualified organizations more flexibility in how they achieve security objectives. "A security objective may apply differently to different types of payment environments," she said. "If it's a new method of processing payment information, this approach helps support organizations on the cutting edge of that change as they introduce new, innovative technologies or methods to address threats."

Contributed articles inside by: Chad Otar, Natasa Cvijanovic, Adam Atlas, Tyler Kem, Michael Leshinsky