PCI DSS 4.0, FinTech and Client-Side Security

Ivan Tsarynny, Feroot: PCI DSS 4.0, FinTech and Client-Side Security


Payment data, particularly on the client side, is extremely vulnerable. PCI DSS 4.0 aims to bring more protections, but what will its impact be? Feroot Security CEO Ivan Tsarynny has some thoughts.

The new regulation will fully come into effect on 31 March 2025 and marks the first major update to the standards since 2013. The PCI Security Standards Council has offered several options to ease compliance. As a result, PCI DSS v3.2.1 will remain in place until March 2024 so firms can take time to grasp the necessary changes. There is an additional year for organisations to implement new requirements identified as best practices and for assessors to complete training.

Although implementation is a long way off and there is a great deal of flexibility, Tsarynny urged companies to “start now.” The reason is that meeting the deadlines requires pre-planning and early implementation. The changes to the regulation are substantial and cannot be rushed nearer the deadline.

Read the full article on FinTech Global.