![](\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/making-sense-of-todays-payment-cybersecurity-landscape.png?w=640&ssl=1\")
<\/p>\n<\/p>\n
![](\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/making-sense-of-todays-payment-cybersecurity-landscape.jpg?w=640&ssl=1\")
<\/div>\nThe surge in cybercrime activity since the outbreak of the COVID-19 pandemic has been tough to ignore. This is particularly true for “high-value” sectors such as finance \u2014 especially the payments industry.<\/p>\n
Cybercriminals have continuously targeted the financial sector<\/a>, not only because of the cache that comes with compromising a high-profile finance name but also because of the allure of a potentially lucrative payday. In fact, more than 60% of global financial institutions<\/a> with over $5 billion in assets were hit by cyberattacks in 2022. And with the number of non-cash transactions hitting a record of 157 billion in 2021<\/a> in the US alone, the highly disruptive payments sector has emerged as a foremost threat target.<\/p>\n To combat this, the PCI Standards Security Council \u2014 which sets industrywide cybersecurity standards and is led by major players in the payments card space \u2014 has unveiled its newest version of its Data Security Standards (DSS) v4.0<\/a>. With current guidance \u2014 DSS v3.2.1 \u2014 set to sunset in 2024, the payment card industry and vendors that accept card payments have been working diligently to make sure they hit the March 2025 compliance deadline for v4.0. However, with so many new technologies and threats to contend with, and more than five years elapsing since the debut of v3.2.1, getting up to speed with the expectations of v4.0 is proving to be easier said than done.<\/p>\n Originally set to be updated every three years, v4.0 guidance has been long awaited, to say the least. At over 350 pages<\/a>, 4.0 features numerous new best practices<\/a>, as well as enhancements on existing guidelines, including requiring businesses to implement multifactor authentication on all accounts that access cardholder data and new mandates for providing employee cybersecurity training. That said, when combining the legwork of meeting new compliance requirements and double-checking compliance against the rest of the guidance, the process of adopting v4.0 can seem like a highly daunting process \u2014 especially for businesses seeking to become DSS compliant for the first time. Here are three of the foundational steps that businesses can use to become compliant:<\/p>\nWhat’s New in PCI DSS v4.0?<\/h2>\n