Increased Scanning Requirements in PCI DSS v4.0: usd Invites Acquirers to an Exchange of Experiences

22. November 2023

For many companies in the payment industry, preparations for PCI DSS v4.0 are reaching the final stage. This is also the case for Acquirers, payment institutions that process card payments for merchants, and their customers. As solutions to shared challenges can be better found together, usd has been inviting representatives of European Acquirers to exchange experiences and knowledge for many years.

"The format is characterized by the transparent presentation of current implementation possibilities and the presentation of various options. The opportunity to ask individual questions rounds off the event and enables an interactive exchange," says Patricia Brenner, Scheme Projects Manager, VR Payment GmbH.

On November 9, it was time again. The most important topic on the agenda was PCI DSS v4.0 and the implementation of the new security requirements for SAQ A merchants. According to the latest version of the standard, the majority of merchants will be obliged to have external security scans carried out regularly by accredited providers (ASV) starting in April 2024. With this tightening of the scanning obligation, the PCI Council is responding to the constantly growing threat of web skimming attacks, among other things.

Susanne Pfitzner, Service Manager for usd Security Platforms, understands the challenges that this new requirement poses for Acquirers and their customers: "As you can imagine, many merchants who have never had to conduct security scans before have neither much understanding of the new requirement nor sufficient resources. It is therefore important for their Acquirers to offer practicable solutions. Of course, we won't leave them on their own."

The agenda of the usd Acquirer Meeting therefore included a presentation of new and planned future features of the usd PCI Compliance Management Platform as well as a detailed block on the topic of the extended scanning obligation for merchants with SAQ Type A. In addition to various options for dealing with the scanning obligation, Acquirers were also given suggestions for communicating with their merchants.

"The presentations provided a very informative overview of the challenges for SAQ A merchants in PCI DSS v4.0 and in particular helped to understand the new requirement to carry out vulnerability scans," summarizes Jörg Michael, Business Analyst Payment Products, PAYONE GmbH. "Many thanks to the usd team, as a participant I was well understood and actively involved."

Also interesting:

A5: BSI Publishes New Audit Framework for Trustworthy AI

A5: BSI Publishes New Audit Framework for Trustworthy AI

The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized...

Black Hat USA 2026 | Las Vegas | 01. - 06. August 2026

Black Hat USA 2026 | Las Vegas | 01. - 06. August 2026

Black Hat is considered one of the most important conference series in IT security. At Black Hat USA 2026, security researchers and experts presented the latest research findings as well as new developments and trends in cybersecurity.. Our colleagues from usd HeroLab...

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Categories

Categories