As e-commerce fraud rises, new security standards (PCI DSS 4.0.1) will take effect in March 2025, requiring online retailers to secure their entire website, strengthen authentication, and monitor third-party scripts and payment pages. Merchants must assess their compliance level, implement necessary security controls, and document efforts to meet the new requirements, with larger businesses facing stricter rules.
South Africa: New Security Rules for Online Payments
Public
Other countries
Author: Ivana Picajkić
Category:
General subject related
Views:
55
Content accuracy validation date:
28.03.2025
Content accuracy validation time:
08:35h
As e-commerce grows, so do security threats like e-skimming, where hackers steal credit card data by exploiting website vulnerabilities. To combat this, PCI DSS 4.0.1, a stricter security standard, will take effect in March 2025, requiring online merchants to strengthen their payment security measures.
What are the important changes for retailers?
- Full-Site Security – Merchants must secure their entire website, not just the payment form, to prevent cyberattacks,
- Stronger Authentication – Enhanced password rules and multi-factor authentication are mandatory,
- Third-Party Script Monitoring – Merchants must track and authorize all scripts, including those from third parties, to prevent unauthorized access to customer data,
- Payment Page Monitoring – Retailers must set up alerts to detect unexpected changes that may indicate a security breach.
Merchants are categorized into four levels based on transaction volume, with larger businesses facing stricter requirements:
- Level 1: Over 6 million transactions per year
- Level 2: 1-6 million transactions per year
- Level 3: 20,000-1 million transactions per year
- Level 4: Fewer than 20,000 transactions per year
What are the next steps for retailers?
- Determine your compliance level: Your PCI DSS scope (the extent to which you need to comply with the standard) is determined by how you handle cardholder data,
- Understand the requirements by reviewing the PCI DSS v 4.0.1 (Available for download through the PCI Security Standards Council),
- Assess your current security level by identifying gaps and areas for improvement,
- Implement necessary security controls based on your chosen integration method,
- Document your compliance efforts, which requires you to maintain records of policies, procedures, and assessments.
A good step to ensure readiness before the deadline is also speaking to a security expert or a webmaster.
Other news from Other countries
What are the Differences Between Sales Tax and Use Tax in America?
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
Sales tax is a small fee added to most purchases, collected by the seller and sent to the government to fund public services. Rates vary by state, and some cities add extra on top. Use tax applies when you buy from out of state or online and don’t pay sales tax, then it’s your responsibility to report and pay it to your state. While both taxes serve the same purpose, they apply in different situat... Read more
Singapore’s Move Towards E-Invoicing and Digital Tax Reporting
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
Singapore is introducing mandatory e-invoicing and direct tax data reporting to improve tax compliance, requiring businesses to modernize their accounting systems. A phased rollout begins in May 2025, and companies must adapt to real-time tax reporting to stay compliant and avoid audit risks. Singapore has built a strong digital government system, and businesses are now expected to follow suit wit... Read more
Understanding Sales Taxes in Canada
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
Canada has a complex sales tax system with different taxes at both federal and provincial levels. Businesses must navigate GST, HST, PST, QST, and RST, depending on their location and sales type. Additionally, digital sales taxes apply to non-resident businesses selling digital goods and services in Canada. Proper registration, tax collection, and compliance are essential to avoid penalties and en... Read more
Malaysia: E-invoicing overview
Public
Other countries
Author: Ema Stamenković
Other countries
Author: Ema Stamenković
Malaysia's Inland Revenue Board has revised e-invoicing guidelines, introducing new exemptions and consolidated conditions for self-billed transactions, with provisions set for implementation by July 2025. Malaysia's tax authority, the Inland Revenue Board, has issued some fresh e-invoicing rules. These updates, which came out on January 28, 2025, touch on both the main e-Invoice Guideline (now at... Read more
USA: Nebraska Issues New Rules on Sales Tax Advertising
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
The Nebraska Department of Revenue has updated its sales tax advertising rules, prohibiting businesses from claiming they will cover or exclude sales tax in advertisements. Retailers must list sales tax separately on invoices, and those unsure about compliance can consult the DOR before advertising. The Nebraska Department of Revenue (DOR) has updated its rules on how retailers can advertise sales... Read more
Understanding Digital Reporting and e-Invoicing in the USA
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
E-invoicing allows businesses to exchange invoice data electronically, improving tax compliance and efficiency, though it is not mandatory in the U.S. The government is gradually promoting its adoption, with initiatives like the Business Payments Coalition and the Federal Reserve testing a B2B exchange network. Digital reporting (e-reporting) involves submitting tax-related data electronically to... Read more