Acumatica Payments Reduce Fees and Stay Compliant!

10 New PCI Compliance Changes Acumatica Customers Need to Know

Written by Jeremy Burt | Oct 18, 2023 9:12:55 PM

Stay Current with Acumatica PCI Compliance Updates

Payment Card Industry Data Security Standard (PCI DSS) compliance is mandated and enforced by the Card Brands (American Express, Discover, JCB International, MasterCard, and Visa) for all companies that store, process, or transmit cardholder data. Paya's Acumatica payments integration offers comprehensive PCI compliance resources, providing essential protection for your business and ensuring yearly compliance. In this blog post, we aim to inform Acumatica customers who process payments about some important updates to PCI DSS compliance.

What's New with PCI DSS Version 4.0 

PCI DSS version 4.0 was released in March 2022, with a transition period from v3.2.1 to v4.0 before March 31, 2024. These requirements will be enforced effective March 31, 2025. You can prepare for the changes now to avoid missing the deadline. Paya's Acumatica integrated payments solution ensures you can adhere to the new standards to maintain compliance and avoid penalties.

For more information, the PCI Standards can all be downloaded from the PCI SSC Document Library: https://pcisecuritystandards.org/document_library 

Top 10 PCI DSS v4.0 Changes

  1. Combat hidden malware communication channels by implementing advanced intrusion detection and prevention methods
  2. Authenticated scanning for internal vulnerability scans
  3. Reviewing user accounts and access privileges twice a year
  4. Daily log reviews using automated mechanisms (previously, manual reviews were an option)
  5. New measures to identify and safeguard employees from the ever-increasing threat of phishing attacks
  6. More stringent password requirements (minimum length increasing from 7 to 12 characters, no hard-coding of passwords in files or scripts)
  7. More thorough, specific and targeted risk assessments
  8. Multi-factor authentication required for all access to the Card Data Environment (CDE) (previously required only for administrative access to the CDE)
  9. Regular PCI DSS scope confirmation, including card data discovery techniques
  10. Revamp of multi-factor authentication requirements for secure implementation

Work with Paya's Team to Keep Up with PCI Compliance Changes

Our Paya Support team is committed to helping Acumatica customers meet PCI DSS compliance. When you work with Paya's Acumatica Integrated Payments team, your Acumatica customers can optimize billing and invoice processes, offer more payment options to customers, and improve back-office efficiencies. Safeguarding customer data, implementing strong passwords, and partnering with trusted PCI experts are all crucial steps in protecting against data breaches, fraud and theft.

Reach our Paya Support team to discuss your PCI DSS compliance.

Review Internal Policies and Procedures with a Self-Assessment Questionnaire (SAQ)

The Self-Assessment Questionnaire (SAQ) you get through Paya's partnership with Aperia provides Acumatica customers with downloadable sample internal PCI policies for their company. Aperia offers a Self-Assessment Questionnaire "Wizard" to direct merchants to the correct SAQ, with easy links to fulfill requirements such as internal vulnerability scanning, antivirus and endpoint protection, PAN scanning, mobile scanning, and endpoint lock protection.

Aperia offers the following services:

  • Self-Assessment Questionnaire (SAQ) "Wizard" directs the Merchant to the right SAQ
  • Based on SAQ requirements, easy links to Internal Vulnerability Scanning, Antivirus and Endpoint protection (fulfills Req. 5), PAN Scanning, Mobile Scanning, and Endpoint Lock protection (keylogging prevention powered by Advanced Cyber Security (ACS))
  • *Endpoint Protection is available through Intel Security
  • User-Friendly and Multi-Lingual Portal
  • One-stop access to all tools needed to be compliant
  • Certificates and Attestations of Compliance (AOCs)
  • Integrated External Vulnerability Scanning
  • Security Policy Templates
  • POS Checklist and Inventory Sheet
  • Extensive SAQ and SCAN Support via phone, email, and online chat

Acumatica Integrated Payments from Paya

Paya, a Nuvei company, has over 25 years of experience serving 2,000+ customers with best-in-class integrated payment solutions. We emphasize solutions engineering and work closely with Acumatica partners and resellers to develop a deep understanding of their processes, pain points, and requirements. Our B2B payment solutions optimize billing and invoice processes. Acumatica customers have more payment options and flexibility to improve back-office efficiencies.

Learn how Paya's payment processing experts, solutions, and processes can benefit your business, maintain PCI compliance, and save money!