Tuesday, September 12, 2023
Commissioned by Bluefin and published Sept. 12, 2023, the survey of 250 decision-makers in multiple sectors found 94 percent concerned about payment data security and their ability to meet the March 31, 2025, deadline for implementing PCI DSS 4.0.
McKee noted that PCI DSS 4.0 is different from previous versions of PCI DSS and requires a different approach to training and implementation.
"While PCI DSS 4.0 presents an array of operational and resource hurdles for enterprises to overcome, those that approach it with a strategic mindset will differentiate themselves and ultimately deliver a superior customer experience," he said in a statement. "Developing an internal strategy, including the implementation of payment data security technologies like PCI-validated P2PE and tokenization, alongside working with trusted partners will be crucial for organizations to fully understand and address the required changes."
Brent Johnson, CISO at Bluefin, pointed out that the standard evolves out of necessity in alignment with ever-changing attack vectors.
"As payments stacks continue to evolve alongside customer needs and expectations, cybercriminals view this as a key opportunity to exploit emerging points of vulnerability and capture critical customer data," he said. "In this environment, it's not a matter of if an organization will experience attempts at being breached – it's a matter of when. Businesses must ensure compliance with new PCI DSS 4.0 standards as part of a holistic approach to protecting customer data, and our new report serves as a guide for organizations as they look to meet these requirements ahead of the looming March 2025 deadline."
Noting that enterprises are under pressure to deliver seamless payment experiences to their customers, researchers mentioned that diversification of payment channels creates a broader attack surface for criminals. Thus, they highlighted the need for organizations to protect stakeholders by balancing omnichannel commerce with security.
Following are additional key takeaways from the report:
Researchers additionally noted that 98 percent of survey respondents had been directly impacted by an organizational data breach over the past 24 months and 50 percent experienced a breach that significantly disrupted their businesses. Despite the challenges, 80 percent of respondents agreed that PCI DSS 4.0 is fair and necessary for the betterment of the industry and consumers, the analysts stated.
"Payment data security concerns are widespread, elevated and highly prioritized in enterprises," McKee and Immerman wrote. "This creates a fitting backdrop for PCI DSS 4.0, which puts forth new guidelines to help enterprises address the evolution of payment data security threats. While PCI DSS 4.0 is generally viewed positively by payment data security professionals, understanding is limited, the changes required are significant and much of the market is at risk of falling short of the deadline."
The co-authors recommended that organizations develop an internal strategy by working across divisions and with trusted partners to address required changes and optimize a companywide migration to PCI DSS 4.0.
A full copy of the report is available at www.bluefin.com/resources/white-papers/pci-dss-4-0