ChatGPT (Jan 9 version, OpenAI) wrote an article on the PCI 4.0 upgrade — edited by tonyz to remove software developer items (many businesses do not develop their own software for credit card transactions or otherwise)
<start chatgpt article>
The most recent version of the PCI DSS standard is version 4.0, which was released in January 2021. This version replaces the previous version, 3.2.1, which was released in April 2018.
One of the key changes in PCI DSS 4.0 is an emphasis on security as a continuous process, rather than a one-time event. The standard includes new requirements for ongoing assessment and monitoring of security controls to ensure they remain effective. This includes the requirement to conduct regular vulnerability scanning, and to implement threat intelligence and incident response plans.
In PCI DSS 4.0, there is also a greater emphasis on protecting cardholder data throughout its lifecycle. This includes new requirements for data protection during storage, transit and disposal.
In terms of network security, the latest version of the standard includes updated requirements for secure network architecture, including segmentation and micro-segmentation, which can help to limit the scope of a security breach.
Finally, PCI DSS 4.0 introduces more flexibility for the use of cloud-based services, including requirements for cloud providers to meet certain security standards and provide evidence of compliance.
In summary, PCI DSS 4.0 provides a more comprehensive approach to data security, with an emphasis on ongoing assessment and monitoring, secure software development (paragraph removed by tonyz for this summary), and data protection throughout its lifecycle. It also provides more flexibility for the use of cloud services and updated requirements for network security. Organizations must comply with the standard in order to process, store, or transmit credit card information securely.
</end chatgpt article>
TonyZ: there will be a transition period for implementation: “In addition to the transition period when v3.2.1 and v4.0 will both be active, organizations have until 31 March 2025 to phase in new requirements that are initially identified as best practices in v4.0. Prior to this date, organizations are not required to validate to these new requirements.” From https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0
It would be best to implement v4.0 by the end of 2023; then one has a little more time to implement anything not completed in 2024.