What's in the Draft PCI DSS v4.0?

In late 2020, the PCI DSS v4.0 will be released. And in what promises to be an even more significant change than that from 2.0 to 3.0 (released in Nov. ’13), there is, rather unsurprisingly, a great deal of interest in its contents.

So what’s in it?

I’ll be honest, I can’t tell you, or more to the point, I’m not ALLOWED to tell you as the draft version is currently in ‘Request for Comment’ (RFC) status. Yes I have read it, not only that, I have mapped it line-by-line to v3.2.1 and analysed the differences in detail. I have even written a brief on what I consider the impact of those changes will be, but it will have to remain unread until the moratorium is lifted.

Continue reading