Payment Systems Technology Standards

PCI DSS 4.0 Compliance & Security Requirements

Understanding the evolution of payment security standards and implementing best practices for secure card data processing.

Evolution of PCI DSS and Transition to Version 4.0

In March 2022, the PCI SSC released PCI DSS v4.0 after three rounds of public comments from over 200 companies, incorporating 6,000 pieces of feedback. The standard emphasizes flexibility to meet the evolving security needs of the payment industry.

  • March 2022: PCI DSS v4.0 released by PCI SSC
  • Until March 31, 2024: PCI DSS v3.2.1 remains active
  • March 31, 2025: Full implementation of new requirements

Authentication and Access Management

Multi-Factor Authentication (MFA)

Studies demonstrate that proper MFA implementation can prevent up to 99.9% of account compromise attacks. Under v4.0 the MFA requirement is:

  • Expanded to all Cardholder Data Environment (CDE) access
  • No longer limited to just remote access
  • Required for all system components

Passwords and Passphrases

Version 4.0 introduces stricter password requirements for enhanced security.

Requirement                 v3.2.1               v4.0
Minimum password length     7 characters         12 characters
Password change interval    90 days for all      90 days only without MFA

Group and Shared Accounts

Unlike v3.2.1, version 4.0 permits group/shared accounts under specific conditions:

  • Limited duration access
  • Mandatory approval process
  • Individual action tracking
  • Regular auditing requirements
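As an added example (not code from the page or from PCI SSC), the following Python encodes the v4.0 authentication rules described above as a checker run over constructed account records: the 12-character minimum, the 90-day change that applies only to accounts without MFA, MFA for all CDE access, and the approval, time-limit and individual-attribution conditions for shared accounts. The Account fields, review date and sample account names are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional
# Parameters taken from the page's v3.2.1 -> v4.0 comparison.
MIN_PASSWORD_LENGTH = 12    # v4.0 minimum (v3.2.1 required 7)
MAX_PASSWORD_AGE_DAYS = 90  # v4.0: rotation required only when MFA is absent

@dataclass
class Account:  # constructed record; field names are assumptions for this example
    name: str
    password_length: int
    last_password_change: date
    mfa_enabled: bool
    accesses_cde: bool
    shared: bool = False
    shared_approved: bool = False
    shared_expires: Optional[date] = None
    tracks_individual_actions: bool = False

def evaluate_account(acct: Account, today: date) -> List[str]:
    """Return v4.0 authentication findings for one account (empty list = compliant)."""
    findings = []
    if acct.password_length < MIN_PASSWORD_LENGTH:
        findings.append(f"password shorter than {MIN_PASSWORD_LENGTH} characters")
    if acct.accesses_cde and not acct.mfa_enabled:
        findings.append("MFA required for all CDE access, not only remote access")
    if not acct.mfa_enabled:  # MFA-protected accounts are exempt from the 90-day change
        age = (today - acct.last_password_change).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"password {age} days old; 90-day change required without MFA")
    if acct.shared:  # group/shared accounts are permitted only under all three conditions
        if not acct.shared_approved:
            findings.append("shared account lacks mandatory approval")
        if acct.shared_expires is None or acct.shared_expires < today:
            findings.append("shared account access must be time-limited and not expired")
        if not acct.tracks_individual_actions:
            findings.append("shared account must attribute actions to individuals")
    return findings

REVIEW_DATE = date(2025, 4, 1)  # constructed review date for the sample below
SAMPLE_ACCOUNTS = [  # constructed sample accounts, not real systems
    Account("ops-admin", 16, date(2024, 6, 1), mfa_enabled=True, accesses_cde=True),
    Account("legacy-batch", 8, date(2024, 11, 1), mfa_enabled=False, accesses_cde=True),
    Account("noc-shared", 14, date(2025, 3, 1), mfa_enabled=True, accesses_cde=True,
            shared=True, shared_approved=True, shared_expires=date(2025, 6, 30)),
]

def audit(accounts=SAMPLE_ACCOUNTS, today=REVIEW_DATE) -> Dict[str, List[str]]:
    """Map each account name to its findings, e.g. for a periodic access review."""
    return {a.name: evaluate_account(a, today) for a in accounts}
```

Calling audit() reports ops-admin as compliant, three findings for legacy-batch (short password, no MFA on CDE access, password 151 days old) and one for noc-shared, whose shared access is approved and time-limited but not attributed to individuals.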

Compliance Assessment Approaches

Defined Approach: the traditional method following clearly defined requirements.
Best for: Organizations already aligned with current standards

Customized Approach: an outcome-focused method allowing independent control mechanisms.
Best for: Organizations with unique security needs

Infrastructure Requirements

  • Tier III or higher reliability for data centers
  • Geographic separation of processing centers
  • Redundant communication channels from different providers
  • Minimum primary channel bandwidth: 1 Gbps
  • Dynamic routing protocols (BGP, OSPF)

Performance Requirements

  • Authorization response: < 2 seconds
  • Processing capacity: 1,000+ TPS
  • System availability: 99.999%
  • Maximum annual downtime: 5 minutes

Security Requirements

  • Encrypted data transmission and storage
  • Regular penetration testing
  • Real-time security monitoring
  • Mandatory encrypted backup

Practical Implementation Steps

Recommended transition steps for PCI DSS 4.0 compliance:

  1. Analyze Current State: assess current security posture and gaps
  2. Select Approach: choose the Defined or Customized assessment approach
  3. Develop Plan: create a detailed transition roadmap
  4. Train Personnel: ensure staff understand the new requirements
  5. Update Documentation: revise procedures and policies
  6. Test Controls: validate the new control mechanisms

Key Focus Areas

  • Assessment methodology selection
  • Technology infrastructure updates
  • Documentation and procedures revision
  • Training and awareness programs

Industry Standards Compliance

  • PCI DSS 4.0
  • EMV Certified
  • ISO 27001
  • SOC 2 Type II
  • GDPR Compliant