As e-commerce fraud rises, new security standards (PCI DSS 4.0.1) will take effect in March 2025, requiring online retailers to secure their entire website, strengthen authentication, and monitor third-party scripts and payment pages. Merchants must assess their compliance level, implement necessary security controls, and document efforts to meet the new requirements, with larger businesses facing stricter rules.
South Africa: New Security Rules for Online Payments
Public
Other countries
Author: Ivana Picajkić
Category:
General subject related
Views:
135
Content accuracy validation date:
28.03.2025
Content accuracy validation time:
08:35h
As e-commerce grows, so do security threats like e-skimming, where hackers steal credit card data by exploiting website vulnerabilities. To combat this, PCI DSS 4.0.1, a stricter security standard, will take effect in March 2025, requiring online merchants to strengthen their payment security measures.
What are the important changes for retailers?
- Full-Site Security – Merchants must secure their entire website, not just the payment form, to prevent cyberattacks,
- Stronger Authentication – Enhanced password rules and multi-factor authentication are mandatory,
- Third-Party Script Monitoring – Merchants must track and authorize all scripts, including those from third parties, to prevent unauthorized access to customer data,
- Payment Page Monitoring – Retailers must set up alerts to detect unexpected changes that may indicate a security breach.
Merchants are categorized into four levels based on transaction volume, with larger businesses facing stricter requirements:
- Level 1: Over 6 million transactions per year
- Level 2: 1-6 million transactions per year
- Level 3: 20,000-1 million transactions per year
- Level 4: Fewer than 20,000 transactions per year
What are the next steps for retailers?
- Determine your compliance level: Your PCI DSS scope (the extent to which you need to comply with the standard) is determined by how you handle cardholder data,
- Understand the requirements by reviewing the PCI DSS v 4.0.1 (Available for download through the PCI Security Standards Council),
- Assess your current security level by identifying gaps and areas for improvement,
- Implement necessary security controls based on your chosen integration method,
- Document your compliance efforts, which requires you to maintain records of policies, procedures, and assessments.
A good step to ensure readiness before the deadline is also speaking to a security expert or a webmaster.
Other news from Other countries
Malaysia's E-Invoicing: MyInvois System Goes Live, Phased Implementation
Public
Other countries
Author: Ljubica Blagojević
Other countries
Author: Ljubica Blagojević
Malaysia is gradually implementing mandatory e-invoicing from August 2024 to January 2026 for businesses with sales over RM150,000. Invoices must be approved by the tax authority before being sent to customers, using the MyInvois system and Peppol network. The rollout supports Malaysia’s push to modernize tax reporting and improve compliance. Malaysia is rolling out its MyInvois e-invoicing system... Read more
TLv6 Implementation Marks Significant Shift in EU’s Trust List Format
Public
All countries
Author: Ivana Picajkić
A new EU Trust List format, TLv6, will officially replace TLv5 in May 2025 as part of the updated eIDAS Regulation (EU 2024/1183). It introduces key technical changes like a new URI field, updated signature format, and optional phone number support. Organizations must update their systems to avoid signature validation failures and service disruptions, as TLv5 will no longer be valid once TLv6 take... Read more
India's GST E-Invoicing Update: 30-Day Deadline and B2C Expansion
Public
Other countries
Author: Ljubica Blagojević
Other countries
Author: Ljubica Blagojević
From April 1, 2025, Indian businesses with turnover over ₹10 crore (approx. €112,000) must report B2B e-invoices within 30 days or lose GST input credit. Invoices are validated through the IRP, which issues a unique code and QR for sharing. B2C e-invoicing and e-way bill integration are planned by 2026–2027 to improve compliance. Starting 1 April 2025, Indian businesses with annual turnover over ₹... Read more
Chile: Mandatory Printed E-Invoices/Receipts for Customers Starting May 2025
Public
Other countries
Author: Ema Stamenković
Other countries
Author: Ema Stamenković
Chilean Internal Revenue Service (SII) issued Resolution No. 12, requiring e-invoices and e-receipts to be delivered to customers for cash, bank transfers, debit, or credit cards, with the option to send a virtual presentation. On January 17th, Chile's tax authority, the SII, released Resolution No. 12. This resolution details new rules for businesses when giving customers printed copies of electr... Read more
Malaysia's E-Invoicing Mandate: AI Solutions for Compliance
Public
Other countries
Author: Ema Stamenković
Other countries
Author: Ema Stamenković
The Malaysian Inland Revenue Board (IRBM) is implementing new rules that make e-invoicing mandatory in Malaysia, so businesses will need to adopt automated and AI-driven tools to ensure they're following the regulations. The deadline for e-invoicing in Malaysia starts on August 1, 2024, for larger businesses, and full compliance is expected by July 1, 2025. Companies will have to connect with MyIn... Read more
What are the Differences Between Sales Tax and Use Tax in America?
Public
Other countries
Author: Ivana Picajkić
Other countries
Author: Ivana Picajkić
Sales tax is a small fee added to most purchases, collected by the seller and sent to the government to fund public services. Rates vary by state, and some cities add extra on top. Use tax applies when you buy from out of state or online and don’t pay sales tax, then it’s your responsibility to report and pay it to your state. While both taxes serve the same purpose, they apply in different situat... Read more