Uber, Target, Marriott, T-Mobile, Facebook. The list goes on and on of businesses breached and hacked in the last five years. Those cyberattacks have underscored the urgency for businesses large and small to safeguard their customer data from modern threats. They can do that by quickly implementing the new Payment Card Industry Data Security Standards (PCI DSS) and using Red Maple’s Microsoft Dynamics solutions that are PCI DSS 4.0 ready.
The old standard, v3.2.1, retires on March 31, 2024, making the transition to PCI DSS v4.0 essential for payment data security. Version 4.0 will go into effect on March 31, 2025, according to the PCI Security Standards Council.
With these updates, businesses processing payments should start preparing now. One of the first steps they can take is using software that is PCI 4.0 certified or in the process of being validated. Red Maple, a software company that maximizes Microsoft Dynamics 365 solutions with native extensions and additions, is ahead of the game. Red Maple’s Advanced Credit Cards for BC and F&O, along with Clever Division and Clever Division for CE already require multi-factor authentication and are in the process of being certified for other 4.0 standards.
PCI 4.0 allows businesses to tailor their security measures to their specific risks and environments. This means demonstrating control over sensitive data without being forced to follow rigid, pre-defined testing procedures. 4.0 also offers better Targeted Risk Analysis (TRA). Replacing the traditional self-assessment questionnaire (SAQ), the TRA encourages continuous evaluation of potential threats and their impact. This shift puts the onus on proactive risk management rather than static compliance exercises.
This new version also enhances payment data security in several other areas:
- Cloud computing environments – With more companies using cloud services, PCI DSS v4.0 lays out new guidance for securing payment data in cloud environments. This includes directives around proper configuration, encryption, access controls and monitoring of cloud environments.
- Mobile payments – The growth of mobile commerce is addressed with rules to secure mobile apps and limit sensitive data retention on mobile devices. App developers will need to validate compliance.
- Password management – Complex password requirements are now extended to internal company passwords for systems connected to payment processing. Multi-factor authentication for any personnel accessing payment systems is also mandated.
- Remote access security – The new standards will require multi-factor authentication for all remote access to payment systems, including third party access. System configurations must be inventoried, and tight controls put in place.
Cybercrime is an epidemic and cost businesses about $8 trillion last year. We at Red Maple are doing everything we can to limit Cybercrime for our D365 customers. Our products were built from the ground up to protect businesses and customers from theft, fraud and data breaches with two-factor authentication and secure methods to protect information.
– John Pleau, Partner Development Director at Red Maple
Microsoft is also proactively updating Dynamics to meet new compliance requirements. It is improving security
for cloud deployments of Microsoft Dynamics 365 solutions and Power Platform. New controls will enforce data encryption, restricted data access, activity monitoring and other safeguards required for cloud environments.
It’s also putting stronger mobile application security in place for Dynamics 365 apps. Data encryption, tokenization and other controls aimed at protecting payment card data on mobile devices are being implemented.
With measures like those, Microsoft is aiming to make compliance easier for the many merchants relying on Dynamics for payment processing and financial data management. Tight collaboration with partners like Red Maple also helps strengthen adherence to PCI standards.
Here are other steps businesses can take to get ready for the new PCI standards, according to the PCI Security Standards Council:
- Review new requirements and update compliance programs. Familiarize yourself with the updated requirements of PCI DSS v4.0, ensuring a comprehensive understanding of the changes.
- Educate your staff about the updated standards and their role in maintaining compliance. Awareness is key to a secure environment. The PCI Security Standards Council offers comprehensive resources, including guides, webinars, and training programs.
- Assess internal payment systems and security controls for gaps. Conduct a thorough assessment of your current security posture to identify gaps and areas for improvement.
- Evaluate cloud environments and mobile apps for required changes.
- Enhance logging, access controls, and monitoring of remote access. Implement tighter password policies and multi-factor authentication. Integrate security controls that align with the new standard, addressing vulnerabilities and enhancing data protection measures.
- Employee Training. Educate your staff about the updated standards and their role in maintaining compliance. Awareness is key to a secure environment.
As the digital landscape continues to evolve, embracing PCI DSS v4.0 is not just a compliance requirement but a strategic imperative. By staying informed, understanding the new standards, and leveraging tools within the Microsoft space, businesses can fortify their defenses and foster a secure environment for transactions.
How can my business prepare for the new payment card industry data security standards?
Businesses should be reviewing new requirements, updating compliance programs, and assessing internal payment systems, online payment gateways and security controls for gaps.
When do Payment Card Industry Data Security Standards v4.0 take effect?
The old standard, v3.2.1, retires on March 31, 2024. Version 4.0 will go into effect on March 31, 2024 and will be required by March 31, 2025, according to the PCI Security Standards Council.
Which Microsoft Dynamics software is already being validated for 4.0?
Red Maple’s Advanced Credit Cards for BC and F&O, along with Red Maple’s customer portal, Clever Division and Clever Division for CE already require multi-factor authentication and are in the process of being certified for other 4.0 standards.