Navigating New PCI Standards and Expectations


By Simon Gamble, President, Mako Networks

The payment security landscape has evolved to address modern threats. Cybercriminals are constantly looking for new ways to target and breach vulnerabilities in payment systems, customer data, and supply chains. The consequences of a data breach extend beyond financial losses, including reputational damage and erosion of customer trust.

The Payment Card Industry Data Security Standard (PCI DSS) has evolved to version 4.0.1, introducing significant changes that will become mandatory by March 31, 2025. These updates aim to address emerging security threats and provide organizations with greater flexibility in achieving and maintaining PCI DSS compliance.

Key updates include:

  1. Enhanced Security Measures
  • Stronger Password Requirements: Minimum password length increased from 7 to 12 characters, enhancing access security.
  • Multi-Factor Authentication (MFA): Expanded MFA implementation to all access into the cardholder data environment, not just administrative access.
  2. Customized Approach and Risk Assessments
  • Customized Approach: Allows organizations to meet security objectives through different methods, providing flexibility in achieving compliance.
  • Increased Use of Risk Assessments: Organizations must perform thorough risk assessments, especially when implementing the Customized Approach, to ensure security measures are effective.
  3. Advanced Network Security
  • Web Application Firewalls (WAF): Mandatory deployment of WAFs for public-facing web applications to protect against attacks.
  • Enhanced Encryption Protocols: Strengthened requirements for encrypting sensitive authentication data and cardholder data during transmission and storage.
  4. Continuous Monitoring and Testing
  • Automated Log Monitoring: Emphasis on real-time monitoring of security logs to detect and respond to threats promptly.
  • Regular Security Testing: Increased frequency and scope of penetration testing and vulnerability assessments to identify potential weaknesses.
  5. Documentation and Governance
  • Comprehensive Documentation: Requirement for detailed documentation of security policies, procedures, and controls to ensure clarity and accountability.
  • Enhanced Validation Methods: Improved processes for validating and reporting compliance, ensuring organizations maintain robust security postures.

Mako Networks ensures retailers can efficiently adhere to PCI DSS v4.0 through the new Mako Merchant PCI solution, which integrates advanced compliance automation and management features into the PCI-certified Mako Central Management System (CMS).

Mako is the only network vendor whose underlying technology is PCI-certified, enabling retailers to inherit Mako’s compliance directly, reducing the complexity of achieving certification on their own.

Mako’s pre-certified system includes the necessary controls for PCI DSS 4.0 compliance, allowing retailers to focus on operations instead of managing compliance intricacies.

Mako supports retailers in achieving and maintaining compliance:


Enhanced Security Features

  • Stronger Authentication Controls:
    • Mako supports multi-factor authentication (MFA) and secure access controls across all devices and users, fulfilling 4.0 requirements for enhanced authentication protocols.
  • Real-Time Threat Detection and Alerts:
    • Mako’s intrusion prevention system (IPS) continuously monitors for vulnerabilities, aligning with the 4.0 emphasis on continuous threat detection and response. Mako detects and addresses potential compliance violations immediately, reducing risk and maintaining adherence to evolving standards.
  • Advanced Firewall Capabilities:
    • Mako’s Next-Generation Firewall secures traffic flows, blocking unauthorized access to cardholder data environments (CDE) and ensuring compliance with segmentation requirements.
  • Tailored Security Implementations:
    • Mako’s flexible architecture supports customized approaches, allowing retailers to align security measures with their specific risk profiles as outlined in PCI DSS 4.0.
  • Automated Vulnerability Scanning:
    • Retailers can automatically conduct internal vulnerability scanning without adding devices to their networks. Results can be viewed and assessed in the Mako CMS.
  • Automated Wi-Fi Scanning:
    • Retailers can schedule automated Wi-Fi scanning from the Mako CMS. Mako’s AI and machine learning will alert on detected threats.


Simplified Compliance Management

  • Automated Tasks: Mako Merchant PCI automates critical compliance tasks, including configuration reviews, vulnerability scanning, and the self-assessment questionnaire (SAQ) filing process.
  • Bulk Operations: Retailers can group locations to address compliance tasks collectively, saving time and ensuring consistency across multiple sites.
  • Interactive Dashboard: The PCI Dashboard provides real-time compliance status updates, historical reports, and action item timelines for role-based users.
  • Automated Log Management: Mako’s solutions include automated collection and storage of security logs for Mako devices, meeting PCI DSS 4.0 requirements for real-time logging and reporting.


Enhanced Visibility and Oversight

  • Full Estate View: Mako’s PCI Dashboard offers scalable, interactive views of compliance status across the entire retail estate, down to individual sites.
  • Compliance Tracking: Retailers can monitor scan completion, SAQ filing dates, and action items at a glance, ensuring no tasks are overlooked.
  • Historical Records: All compliance activity is archived, providing a clear audit trail for annual reviews and assessments with the option for monthly reporting, as well.


Streamlined Vulnerability Management

  • Integrated PCI Scanning: The Mako PCI Scanner performs proactive vulnerability and Wi-Fi scans in compliance with PCI DSS v4.0 requirements (11.2 and 11.3), identifying and addressing potential issues before they escalate.
  • AI-Driven Insights: AI-powered tools simplify the analysis of scan results, making it easier to detect rogue Wi-Fi networks and other vulnerabilities.
  • Seamless Deployment: The scanner can be scheduled and deployed in bulk across thousands of locations without disrupting operations or requiring site visits.


Simplified SAQ Completion

  • Autofilled Forms: The SAQ process is streamlined by autofilling questionnaires using Mako’s device configurations, scan results, and compliance settings, reducing the manual effort to as few as four questions per site group.
  • Step-by-Step Wizard: An intuitive wizard guides users through the SAQ process, ensuring accurate completion.
  • Electronic Submissions: Completed SAQs are electronically submitted to acquiring banks, eliminating paperwork and administrative overhead.


Proactive Reminders and Alerts

  • Task Notifications: Automated alerts remind users of upcoming reviews, scan deadlines, and SAQ submissions to ensure timely compliance.
  • Dashboard Summaries: Relevant compliance data is presented in clear summaries, enabling quick action on pending tasks.


Scalable for Multi-Site Retailers

  • Flexible Deployment: The Mako Merchant PCI solution scales from a few sites to thousands, supporting retailers with distributed operations.
  • Centralized Management: The Mako CMS unifies compliance oversight, allowing retailers to manage their entire estate from a single cloud-based platform.


With Mako, adhering to PCI DSS 4.0 becomes a streamlined and efficient process, empowering retailers to meet the demands of a rapidly changing retail environment.

  • Time and Cost Savings: Automating repetitive compliance tasks reduces administrative workload and improves accuracy.
  • Reduced Risk: Continuous vulnerability scans and automated reviews help retailers address security issues proactively.
  • Simplified Auditing: Comprehensive dashboards and archived data make annual assessments straightforward and hassle-free.
  • Improved Compliance Confidence: By integrating PCI DSS requirements directly into its tools, Mako ensures retailers remain compliant without additional external scanning or consulting services.

Curious to learn more? Download the brochure or contact sales@makonetworks.com.

About Mako Networks

Founded in 2000, Mako Networks develops technology to deliver simple, secure, PCI-certified networks to distributed enterprises, such as gas stations, convenience stores, retail chains, quick-service restaurants, health clinics and more. Mako Networks' innovative edge security solution is deployed in 22 countries by some of the largest multilocation companies in the world. The All-in-One Mako System provides effortless, nonstop secure networking using proprietary cloud-managed plug-and-play devices that offer speed to deployment and instant scale with no onsite IT required. The Mako System also supports a range of in-demand services, such as SASE, SD-WAN, Cellular Failover, Next-Gen Firewall, Cloud VPN, Wi-Fi and Voice services. The Mako System is sold as a combination of hardware and managed services or as an "as a service" subscription from Mako Networks or its authorized partners. Mako Networks is a global organization based in the United States with offices in the United Kingdom, Australia and New Zealand. For more information, visit makonetworks.com.

Mako Networks Media Contact

Khali Henderson
Senior Partner
BuzzTheory (for Mako Networks)
khenderson@buzztheory.com
+1 480 848 6726