September 11, 2023 • Issue 23:09:01
Payments, a retrospective
The extraordinary life of a payment transaction – Security checkpoints

By Dale S. Laszig

In the payments industry's early days, merchant and consumer behaviors were as fixed as the countertop terminals that dominated retail and hospitality. Technologies held little interest beyond payment request, authorization and settlement. Fraudsters stole paper receipts from trash bins, perpetrating one-on-one attacks before truncated receipts and massive breaches forever changed the game.

Over time, additional measures attempted to protect payment card data in transit and at rest. This series traces the journey of an electronic transaction, from point of entry to financial host, exploring the many checkpoints along the way.

"Cloud security: a weighty issue," a view column published Oct. 26, 2009, in The Green Sheet, cited the July 1, 2010, deadline for implementing the PCI Data Security Standard (PCI DSS), comparing the standard to airport screenings.

"Just as travelers must submit to screening and identity checks at the airport in a post 9/11 world, credit card transactions need heightened verification and security," I wrote. "Think homeland security for terminals; these safeguards came in response to security breaches and are designed to protect cardholder data. While security procedures can't guarantee our safety when we fly or use our payment cards, they can minimize risk."

Evolve PCI DSS

Thirteen years later, as merchants prepare to implement PCI DSS v4.0 by March 31, 2024, security analysts are commenting on the standard's notable revisions. Qualifying organizations, for example, will have more latitude in interpreting guidelines, they noted.

"Entities with established processes to identify control failures and implement corrective actions within their environments generally have more mature risk management and security processes, with information about whether those processes are operating effectively," PCI SSC researchers wrote, in "PCI DSS v4.x: Items Noted for Improvement (INFI) Worksheet − Frequently Asked Questions," published by the PCI SSC in June 2023.

Adam "Sully" Perella, technical director at Schellman, noted that the most significant difference in PCI DSS v4.0 is its migration from a prescriptive to risk-based approach. "From time-based requirements to vulnerability management, the standard calls upon organizations to look at how

Continued on page 26

Contributed articles inside by: Gregg Aamoth, Elie Y. Katz, Nick Cuuci, Ken Musante, Jill Rosenthal