In this Global Banking & Finance Review article, Donnie MacColl discusses the recent updates to PCI DSS V4.0 and asks whether the timeframe for implementation is fast enough to raise the level of cyber protection needed by financial institutions today.
Originally published in Global Banking & Finance Review.
“Now that PCI DSS V4.0 has been announced, many financial businesses are getting ready to implement the changes it brings. Companies have two years to plan their implementation but must have everything in place by March 2025. The risk of working to this single deadline, however, is that it fails to create a sense of urgency, and many of the security updates included in the new standard are best practices that businesses should already have established.
For instance, “8.3.6 – Minimum level of complexity for passwords when used as an authentication factor” or “5.4.1 – Mechanisms are in place to detect and protect personnel against phishing attacks” are listed as “non-urgent updates to implement in 36 months”. Considering the high level of cyber threat following events such as the Russian-Ukrainian conflict, this timeframe isn’t fast enough to raise the level of cyber protection needed by financial institutions and retail businesses today, posing a real threat to customer data and privacy.”