Most companies are woefully underprepared to meet an approaching compliance deadline for updated payment security standards, according to a new report.
The analysis by Bluefin and S&P Global Market Intelligence found that less than one-third of payment data security professionals surveyed said their organizations have a strong understanding of all the requirements associated with the new standards, and almost half (49%) said their organizations haven’t even started executing on the changes.
In March 2022, the Payment Card Industry Security Standards Council published Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 to address emerging threats and market changes. PCI DSS 4.0 is set to go into full effect in March 2025, replacing Version 3.2.1, which will be retired in early 2024.
Despite this rapidly approaching deadline, 90% of professionals said they’re concerned their organizations won’t get there in time and 64% said they will likely need a timeline extension, according to the survey of 250 PCI DSS decision-makers across North America.
“While PCI DSS 4.0 presents an array of operational and resource hurdles for enterprises to overcome, those that approach it with a strategic mindset will differentiate themselves and ultimately deliver a superior customer experience,” said Jordan McKee, fintech research director at S&P Global Market Intelligence.