Do you outsource your eCommerce environment for PCI and validate requirements based on an SAQ A? If so, there are several new requirements coming with PCI DSS 4.0 that you need to be aware of. Here’s a summary of the new requirements found in an SAQ and some guidance for what you can do now to prepare.

PCI eCommerce SAQ A

Do you have questions or need additional guidance? Reach out to the HALOCK QSA team for subject matter expertise and 4.0 preparation work. 4.0 transition training for QSAs will be released in the middle of July, and HALOCK is already allocating time to complete that training as soon as possible, to ensure our guidance for 4.0 is aligned with the PCI SSC’s intent.

For an update on this topic, visit: Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1


AUTHOR: Viviana Wesley, PCI QSA, ISO 27001 Auditor

PCI WEBINAR SERIES

Preparing for Your Transition to PCI DSS v4.0 Webinar
PCI DSS v3.2.1 expires on March 31, 2024. With 64 new requirements in PCI DSS v4.0, companies have a lot to consider in preparation for the coming deadline. In our 5-part PCI Webinar Series, learn about the general changes to 4.0, new requirements, best practices, and how an increased focus on risk evaluations in this new version will be a driving force for security and compliance.

Join Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant to review key updates and next steps to support your transition to PCI DSS v4.0.

PCI DSS Requirements

  • PCI DSS Requirement 5.4.1: Anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel.

Learn more about Penetration Testing and new exploits in HALOCK’s Exploit Insider.

PCI Targeted Risk Analysis & DoCRA

https://www.halock.com/pci-compliance-new-requirements-and-targeted-risk-analysis/

HIPAA & Penetration Testing & Incident Response Plans

https://www.halock.com/are-you-ready-for-the-enhanced-hipaa-requirements-for-penetration-testing-and-more/

Top Threats in Healthcare

https://www.halock.com/top-cyber-threats-in-healthcare/

Cloud Security Risk Management

https://www.halock.com/prioritized-findings-and-remediation-in-cloud-security-reporting/

Penetration Testing Reports to Manage and Prioritize Risk

https://www.halock.com/a-threat-based-approach-to-penetration-test-reporting/

Learn how Duty of Care Risk Analysis (DoCRA) can help you achieve reasonable security:

What is Duty of Care Risk Analysis (DoCRA) for Cybersecurity?

What is Duty of Care Risk Analysis (DoCRA) for General Counsel?

What is Duty of Care Risk Analysis (DoCRA) for Regulators?

What is Duty of Care Risk Analysis (DoCRA) for Auditors?

What is Duty of Care Risk Analysis (DoCRA) for Executives?

What is Duty of Care Risk Analysis (DoCRA) for Risk Managers?