As was cautioned in a CAPRAplus post about PCI DSS 4.0 in March of 2022, the forthcoming complexities and additional requirements of PCI DSS 4.0 will likely leave many organizations, especially those without dedicated PCI or IT teams, in the lurch as they determine how to handle these increased responsibilities. 

Shelli Moring, Senior Consultant at W. Capra Consulting Group, shared, “Merchants need to immediately start understanding what additional budget they are planning to allocate to tackle the increased time and costs necessary to maintain PCI compliance.  Even working to find and procure the services of an approved scanning vendor will take time and internal resources.  If you wait, you may end up in a logjam of other companies looking to secure PCI help, resulting in delayed timelines or increased vendor costs.” 

What you don’t know CAN hurt you 

Just as your company would not attempt to tackle building network devices from scratch, the specifications embedded in PCI DSS 4.0 encourage working with outside vendors to ensure all requirements are known and can be met.   

Josh Kennedy, Senior PCI Security Consultant at W. Capra, added, “PCI DSS 4.0 will significantly impact both Merchants and Service providers. Please do not drag your feet in preparing for this change. Even if you are doing an SAQ, some rather large requirements require significant implementation time”  

Going it alone will mean headaches, time, cost, and missteps 

At W. Capra, we work with our clients to lead and provide expertise related to PCI Compliance processes.  Kennedy elaborated, “We’ve found our clients benefit from our services across a wide spectrum; whether you need us available a few hours a week to answer questions while you work with your QSA to obtain your ROC, or you need an experienced resource to lead and complete the assessment process, complete with quarterly scans and penetration tests. Our team maintains the expertise to tackle any PCI-related challenge with the necessary know-how and precision.” 

Shelli Moring and Josh Kennedy are dedicated to leading W. Capra clients with tackling all things PCI. For further discussion, contact Shelli Moring at [email protected] or Josh Kennedy at [email protected].