PCI DSS (Payment Card Industry Data Security Standard) is a certification issued by the PCI Security Standards Council that defines the international security requirements necessary for companies in the payment card sector and their service providers to operate reliably, adequately protecting both their technology systems and their customers’ data and operations.
Technology service providers that serve these types of businesses, such as Azion’s Edge Computing Platform, also need it. Azion already operated with a previous version of this certification, 3.2.1 Level 1, and we are now pleased to announce we have obtained its latest version: PCI DSS v4.0.
PCI DSS v4.0 Isn’t Just Any Version. Understand Why
This certification update is the most important since its creation, 18 years ago[1], because it adapts to the changes the market has been experiencing over the last five years.
Since 2018, the digitization of companies has gone through a process of unprecedented growth and sophistication, and at an unprecedented speed. This is due to factors such as the pandemic, the abrupt expansion of new technologies such as AI, and especially in the financial sector, the intense migration from face-to-face to online service.
Cybercrime has been growing and innovating at the same speed. That is why the PCI Security Standards Council perceived the need to create a new certification model that adequately responds to these circumstances.
What Important New Features Does PCI DSS v4.0 Introduce?
The v4.0 certification provides a very significant refinement in meeting requirements for all areas of security systems[2].
Examples include stronger controls for multifactor authentication systems, increased sophistication of the structure of access codes, and an increase in the frequency with which the POI (Point of Interaction) of certified companies must be inspected.
However, the most important update is that the certification adds a new approach to executing and testing PCI controls, in addition to its traditional approach.
Defined Approach and Customized Approach
Defined Approach
Versions before 4.0 followed a Defined Approach, whereby companies applying for certification had to meet a specific list of security requirements (over 250).
Customized Approach
The greatest change in version 4.0 makes it possible for each company to create security processes outside the specific list of the defined approach, adapted to their reality[3].
A company can propose security measures that must be analyzed and validated by the PCI Security Standards Council, which allows it greater flexibility when adapting its infrastructure to continuously changing market conditions, as in the case of the constant emergence of new technologies.
The same company can implement both approaches, applying one or the other to specific elements of its environment, as appropriate.
How Does Operating on a PCI DSS v4.0 Certified Edge Computing Platform like Azion’s Benefit Your Company?
Compliance with PCI DSS v4.0 extends to all of our edge solutions and customer data processed and stored at each of our edge locations.
Data residing in our edge network will be closer to your end user, which also means that:
- Requests will be processed with ultra-low latency, as they will not need to go to your origin server, keeping your payment process highly efficient and thus improving the customer experience.
- You will reduce the high costs associated with cloud services.
- In case of a cyberattack, it will be stopped at the edge location closest to its starting point. And with Azion, you also have a complete cybersecurity stack specifically created for the edge that protects against the most advanced threats.
- Processing the data close to the end user also means you can easily adapt your service to the compliance regulations of each region of the planet in which you operate.
Conclusion
In short, all of this means guaranteeing that the processing and storage of bank card data is extremely agile and secure, both for our direct customers and anyone who has contact with Azion’s services.
Do you want more details about Azion’s PCI DSS 4.0 certificate and how it can benefit your company? Talk to one of our experts to learn more.
References
[1] Business Leaders, Here’s What You Need To Know About PCI DSS 4.0 | Forbes
[2] First Look at PCI DSS v4.0 | PCI Security Standards Council
[3] PCI DSS v4.0 Quick Reference Guide | PCI Security Standards Council