Author: Ivana Picajkić
As e-commerce fraud rises, new security standards (PCI DSS 4.0.1) will take effect in March 2025, requiring online retailers to secure their entire website, strengthen authentication, and monitor third-party scripts and payment pages. Merchants must assess their compliance level, implement necessary security controls, and document efforts to meet the new requirements, with larger businesses facing stricter rules.
Content accuracy validation date: 28.03.2025
Content accuracy validation time: 08:35h

As e-commerce grows, so do security threats like e-skimming, where hackers steal credit card data by exploiting website vulnerabilities. To combat this, PCI DSS 4.0.1, a stricter security standard, will take effect in March 2025, requiring online merchants to strengthen their payment security measures.

What are the important changes for retailers?

  • Full-Site Security – Merchants must secure their entire website, not just the payment form, to prevent cyberattacks,
  • Stronger Authentication – Enhanced password rules and multi-factor authentication are mandatory,
  • Third-Party Script Monitoring – Merchants must track and authorize all scripts, including those from third parties, to prevent unauthorized access to customer data,
  • Payment Page Monitoring – Retailers must set up alerts to detect unexpected changes that may indicate a security breach.

Merchants are categorized into four levels based on transaction volume, with larger businesses facing stricter requirements:

  • Level 1: Over 6 million transactions per year
  • Level 2: 1-6 million transactions per year
  • Level 3: 20,000-1 million transactions per year
  • Level 4: Fewer than 20,000 transactions per year

What are the next steps for retailers?

  • Determine your compliance level: Your PCI DSS scope (the extent to which you need to comply with the standard) is determined by how you handle cardholder data,
  • Understand the requirements by reviewing PCI DSS v4.0.1 (available for download through the PCI Security Standards Council),
  • Assess your current security level by identifying gaps and areas for improvement,
  • Implement necessary security controls based on your chosen integration method,
  • Document your compliance efforts, which requires you to maintain records of policies, procedures, and assessments.

Speaking to a security expert or a webmaster is also a good step to ensure readiness before the deadline.

 
