With the final deadline for meeting the new PCI DSS v4 requirements rapidly approaching at the end of March 2025, URM’s webinar will focus on providing you with hints and tips on how to address some of the more challenging requirements.
Key requirements to be addressed include:
- Payment Page Integrity Checking: This requirement involves your organisation implementing tools or processes to regularly verify the integrity of your payment pages, ensuring they haven’t been tampered with and protecting against unauthorised modifications.
- Payment Page Change Requirements: Any changes to your payment page will need to be documented, reviewed, and approved prior to implementation. An audit trail will be required to monitor changes and ensure that only authorised personnel are making modifications to the payment page.
- Targeted Risk Analyses: Your organisation will need to conduct and maintain targeted risk analyses to justify any requirements associated with a periodic activity, e.g., malware scanning, log reviews, and developer training.
- Automated Detection of Phishing Attacks: An automated system needs to be in place to both identify and mitigate phishing attacks, thereby providing extra protection against one of the most common and costly cyber threats.
- Periodic Review of User Privileges: You now need to undertake a mandatory review of user access privileges every 6 months. This is intended to help limit the risk of unauthorised access and ensure the principle of least privilege is adhered to.
- Documentation and Control of Service or System Account Usage: The manual use of service or system accounts will need to be carefully documented and controlled by your organisation in order to prevent potential misuse and promote accountability.
- Enhanced Password Security: The minimum password length needs to be increased to 12 characters, thereby strengthening your password policies to reduce the likelihood of compromise.
- Mandatory Multi-Factor Authentication (MFA): MFA will be required for all access to the Cardholder Data Environment (CDE), thus providing an essential layer of security to protect sensitive information.
- Monitoring for Security Control Failures: Your organisation will need to actively monitor for failures in its security controls to ensure timely identification and remediation of vulnerabilities.
- Authenticated Internal Scanning: Internal scans must now be authenticated, providing a deeper investigation of the security posture of your systems and ensuring thorough vulnerability assessments.
Join us at the webinar to ensure you are fully prepared to meet these and other requirements and maintain your compliance with PCI DSS v4.
Register for the event
Please note, we can only process business email addresses.
Submit your question
If you have any immediate questions, please use the form provided below to ask up to 3 questions. You will also be able to ask additional questions during the session. No question will be left unanswered.
Did you miss the live event? Do not worry. We are recording the webinar and will make the recording available within 24 hours after the webinar.
Did you miss the live event? Do not worry. We have recorded the webinar for you. Please watch the introduction to the webinar below. For the full recording please register using the form below the video.
Please register using the form below and we will provide you with the link to the recorded webinar.