IVR Technology Group

PCI DSS Certified Level-1 Service Provider

PCI DSS 4.0 Update: Looking Ahead At The Coming Changes

To address the ever-evolving risks to the credit card payment ecosystem, the Payment Card Industry Security Standards Council has been preparing the next major update to the PCI DSS standard. The PCI DSS framework is 15 years old, and a lot has happened in the payments industry since the first standard. PCI DSS v4.0 addresses the most recent changes, such as payments by Near Field Communications (NFC, such as Apple Pay) and improving risk assessment processes.

Last year, the council published a draft version of the new standard for comments from merchants and service providers. As the input was accepted and the framework evolved, we’re getting closer to knowing what the final standard will include. Some of the most important updates will include:

  • Authentication – more alignment with industry best practices.
  • CHD Protection – transmission of CHD must be encrypted on private networks.
  • Security Awareness – added requirements for end-user training.
  • Scoping – increased testing, documentation, and periodic validation.
  • Risk Assessment – modifications to prevent “checkbox exercises” by companies.
  • Sampling – verifying that controls are in place.
  • Cloud – accommodating cloud hosting services.

You can find a more detailed analysis of the main points on the LBMC website.

History

Every merchant that accepts credit card payments from their customers must comply with the current Payment Card Industry Data Security Standards (PCI DSS). The standards define security management policies, procedures, network architecture, software design, and other critical controls for protecting cardholder data (CHD). Failure to comply exposes organizations to data breaches, hefty fines & fees, and even loss of business.

The Payment Card Institute formed in 2004, but the origins of today’s payment security standards date back to the mid-1990s. During that time, online e-commerce was on the rise, as was the sophistication of fraudsters seeking to exploit merchant and banking systems. In response, VISA announced its Cardholder Information Security Program (CISP) in 1999 and implemented it in 2001. American Express, Mastercard, and Discover quickly created their own security standards, requiring merchants to adopt multiple security compliance programs.

PCI DSS was first introduced in 2004 as a unifying standard to eliminate the confusion of complying with multiple security standards. Version 1.1 was adopted in 2006, along with the PCI Security Standards Council, an independent group overseeing the future evolution of the standards.

Several versions were released over the years to ensure the adoption of industry best practices in response to the ever-changing security landscape. The current version, 3.2.1, was released in May of 2018, with new requirements for multi-factor authentication and secure communications.

Secure IVR Payments

IVR Technology Group helps businesses mitigate PCI risk when accepting payments by phone or text with our Compass Payments Suite. Visit the link, or contact sales to learn more.

© 2021 · IVR Technology Group, LLC · all rights reserved