By Andrew Beers, VP, Engineering
The new and increased security demands in the payments industry are harrowing. If you are a software provider in the healthcare or pharmacy space utilizing payments, keep reading.
PCI DSS v3.2.1 expires on March 31, 2024, and it is likely the version you are certified against today. As 3.2.1 expires, version 4.0 of the PCI DSS goes into full effect. PCI Version 4.0 brings with it new demands and increased time burdens. Across your organization’s security and infrastructure management teams, you should expect an increase of 33% from last year due to PCI alone. This new 4.0 version was announced on March 31, 2022, with the intent to give merchants and service providers two years to upgrade and comply. Shocked and not ready? We can help! We have a certified PCI Version 4.0 solution designed with your software in mind.
Security specialists required.
With the arrival of PCI 4.0 come stricter, more complex, and more expensive requirements. Let’s break down some of the important ones.
First off, there’s a requirement about “SIEM” (Security Information and Event Management). This is a tool that helps organizations like yours spot, evaluate, and respond to security threats before they can interfere with your business operations. SIEM with alerting and recurring controls can be costly, and it demands a level of security expertise not commonly found in smaller IT or software teams.
The next requirement pertains to the management of service accounts. When the PCI council says “strictly managed,” they mean it’s super strict! Interactive use is under tight control, requiring automated, unchangeable logging, with justification and identity control integrated into the solution. Auditors will be watching closely, especially when it comes to your cardholder data (CHD) infrastructure. It also means your service accounts need rigorous and frequent password change controls or advanced infrastructure management automation.
PCI Version 4.0 did not stop at security posture requirements that you document. It has introduced an onslaught of brand-new requirements (and suites of requirements). The new requirements range from fully authenticated internal security scans to “File Integrity Monitoring for the Payment Page, Scripts, and beyond,” to encryption changes.
If you’re overwhelmed, don’t be. Pass your burden to Emporos: Your advocate, champion, and service provider.
Just like PCI is now passing on controls to service providers around monitoring the integrity of the files on your server, payment page, and beyond, you too can pass on these burdens to Emporos. We have designed every aspect of our solution to be used as painlessly as possible in your solution. We know how hard it is in the game of commerce, especially pharmacy and healthcare commerce, to keep up with the daily requirements of your customers. This is why we decided to focus our technological expertise and experience on providing the best commerce experience possible. Our solution works on whatever device you need, with whatever software you choose. All it takes is a simple API to pass us a transaction and a URL to open a browser window, and we can enable a suite of solutions from physical devices to messaging your customers. Finally, a payments solution that works where your customers are so they can seamlessly pay how they need. We will help you focus on areas where you need to be great, while we ensure your payment experience is great.
Compliance is critical because your PCI security matters!
This article highlights just a few of the newest demands coming with PCI Version 4.0. Security is Emporos’s top priority as a solution provider, specifically security in the payment industry to protect cardholder data. This is among the most critical needs in software. Here at Emporos, we support the PCI Council in forcing secure and compliant solutions industry-wide. We understand the burden of keeping up with the endless march of technology, and we especially know that maintaining compliant solutions is a burden most software teams cannot sustain. These seemingly impossible security and maintenance challenges are why the Emporos Payments Solution was created. Our industry needs a multi-gateway solution that operates across virtually every processor, integrates seamlessly into any solution, provides robust reporting, supports all development languages, and works across any device and at any commercial scale. Our industry gets what it needs, and you should too. Emporos is the answer to your biggest payments and compliance challenges.
Curious to learn more? Let’s chat.
About the Author
Andrew Beers is the VP of Engineering for Emporos. Following his position as the Lead Application Architect at SessionM, a MasterCard Company, Andrew proudly joined Emporos in January of 2022. He has spent much of the last decade focused on innovations at point of sale and commerce to improve experience, engagement, and loyalty between merchants, service providers, and consumers. Many of these innovations are still used by millions daily. Andrew counts himself lucky to lead an incredibly talented and seasoned team of Engineers at Emporos, many of whom share similarly robust experience in point of sale, commerce, security, and compliance.
Emporos fosters a strong belief that quality is a trait shared by the entire company. It is only through a dedication to quality that we can provide solutions that truly innovate and solve the real pain that the market, our customers, experience every day.