PCI DSS 4.0: Timelines and Initial Preparation Steps Required for Your Business - McDermott Will & Emery

Overview


Last year, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version, which brings major changes to the payments ecosystem and compliance requirements, places an increased focus on governance, organizational maturity, technical controls and targeted risk analysis.

With the PCI DSS 4.0 compliance deadline fast approaching, a number of the preparation steps organizations must take to comply with the standard will likely take longer than anticipated. Many of the compliance measures, adjustments and implementation projects will have lead times of a year or more, especially technology-related revisions (e.g., incorporating new multi-factor authentication requirements), enhanced governance and third-party vendor contract changes. Planning for PCI DSS 4.0 compliance is a continuous effort that should start now.

Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana, principal at Mazars, for the second in a series of PCI DSS 4.0 programs as they discuss how merchants, service providers, issuers, acquirers and other businesses subject to the standard should plan for the transition to PCI DSS 4.0. We will also explore the process for transitioning from version 3.2.1 to version 4.0 and the activities that make up these compliance efforts. This program is an essential first step as legal counsel and PCI DSS 4.0 compliance teams work together to ready their organizations to meet the compliance deadline.

Discussion topics will include:

  • Realistic timelines for PCI DSS 4.0 implementation for your business
  • Identifying the systems, people, service providers and processes that are in scope for your compliance obligations
  • Structural changes required to convert to PCI DSS 4.0
  • Relevant PCI DSS 4.0 gap assessment and testing processes
  • PCI DSS 4.0 risk assessments, both targeted and general
  • PCI DSS 4.0 legal and contractual implications for third-party service providers

A link to our prior PCI 4.0 program can be found here.

REGISTRATION INFORMATION

Wednesday, February 1, 2023
12:00-1:00 pm (EST)

Webinar
