PCI DSS 4.0: How to Comply With New Security Requirements

Verizon Payment Security Report Authors Discuss Security Gaps, Key Strategies
Ferdinand Delos Santos, senior manager in Asia-Pacific, Verizon, and Rokon Zaman, senior manager, security assurance in Australia, Verizon

Earlier this year, the PCI Security Standards Council issued version 4.0 of the PCI Data Security Standard, or PCI DSS. How can organizations comply with the new standards?

Information Security Media Group asked two experts from Verizon, Ferdinand Delos Santos and Rokon Zaman, to discuss the new regulatory requirements and Verizon's 2022 "Business Payment Security Report: Preparing to navigate PCI DSS v4.0," which highlights the key steps needed to comply with the latest regulations.

Continuous monitoring has always been a requirement of PCI DSS, but the new version places more emphasis on it, says Santos, senior manager of Verizon's Asia-Pacific security PS leadership team. "The whole bottom line is that you cannot do the minimum," Santos says. "You have to make compliance an ongoing activity instead of being a one-off."

Zaman, senior manager of security assurance for Verizon in Australia, says that organizations need to establish KPIs for tracking performance. "Effectiveness or performance of security activity must be measured and reported to ensure security activities are performed on an ongoing basis, implementing a continuous improvement process to ensure issues are collected," he says.

Santos advises organizations to avoid a siloed approach and consider the many interdependencies of processes across the enterprise during implementation. Instead of simply complying with a new requirement, he says, "We should attach it to a particular security management goal that elevates the risk management posture and security management posture of the organization."

In this video interview with Information Security Media Group, these two experts discuss:

  • Highlights of Verizon's payment security report;
  • The security control gaps in the payment industry and how the latest version of PCI DSS can address them;
  • Key strategies for implementing the new PCI DSS across the organization.

Santos serves on Verizon's leadership team for security consulting in Singapore and the Asia-Pacific region. He is an experienced business leader in both IT and information security.

Zaman serves in Verizon's security assurance professional services advisory practice in Australia. He has more than 12 years of experience in cybersecurity advisory and assessment services across the financial services, commercial and public sectors.

About the Author

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed to Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.
