PCI DSS v4.0 was released in Spring 2022. As a result, organisations managing environments within its scope must prepare for significant changes to the PCI Data Security Standard (DSS) over the next 18 months. While the 12 core PCI DSS requirements remain fundamentally the same, v4.0 aims to achieve three main objectives:

• Promote security as a continuous process
• Enhance validation methods and procedures
• Add flexibility and support of additional methodologies to achieve more stringent security requirements
  
  

A significant change in version 4.0 is the ability for organisations to design their own controls and implement them based on the intent of the requirements in lieu of compensating controls. This allows companies more flexibility to adopt new technologies or security solutions to achieve compliance. PCI DSS v4.0 supports the use of different technologies, such as cloud-based hosting services, by introducing more flexible wording around requirements and adding intent statements to address the evolving threats to the payment ecosystem.

Why descoping is still the best approach

Descoping your infrastructure from the requirements of PCI DSS is one of the most effective ways to protect your customers’ data and your organisation’s reputation. In the context of the PCI DSS, this translates to keeping customers’ card data out of company systems and minimising contact areas where data is processed or stored.

Many of Puzzel’s customers, including GC Business Finance and Lifeplus, already benefit from a reduction in scope by working with PCI Pal to secure their payments.

Puzzel incorporates PCI Pal’s cloud-based secure payment solutions into its overall contact centre portfolio. Assisting customers to securely handle payments across multiple engagement channels, including telephone, digital, or via automated IVR solutions, supporting customers’ omnichannel strategies.  

Adding layers of security can increase friction and frustration for consumers which leads to the abandonment of transactions if there are too many ‘hurdles’. Brands must provide clear assurances to customers that the methods of capturing, processing and storing data are compliant with the latest industry standards and regulations.

Puzzel and PCI Pal have always believed that organisations can be secure and compliant while ensuring CX processes and engagement with customers are prioritised. Through innovative, cloud-native technology, payment security can be achieved in a way that allows consumers to interact and complete transactions, securely, in the way they wish.

“The PCI Pal suite is extremely well received by our customers who need a seamless, cloud-based solution that can be integrated with existing payment service providers, gateways and CRM solutions. The PCI Pal solution never fails to deliver, and the service we receive from the team is excellent”.  Howard Watson, Director of Channel Partnerships, Puzzel

Catch our full session ‘PCI DSS v4.0: What it means for Compliance in the Cloud’ at this year’s Get Connected event.