Mark Schreiber on PCI 4.0 Compliance [Podcast]

Compliance Perspectives show

Summary: By Adam Turteltaub (adam.turteltaub@corporatecompliance.org)

Payment Card Industry (PCI) compliance is driven by a set of rules that set a standard of security for any entity that takes, stores or processes credit card data. Any time you or I make a credit card purchase, we rely on PCI compliance by all involved to keep our information safe.

Now, the standard is evolving to PCI 4.0, explains Mark Schreiber (https://www.mwe.com/people/schreiber-mark-e/), Senior Counsel at McDermott Will & Emery. PCI 4.0 is far more robust and clarifies the misunderstandings in the previous standard. It also imposes more than 50 new obligations.

Most notable of the changes is the new emphasis on third parties and the need to monitor them. Now, merchants must maintain lists and descriptions of all third-party providers, have written agreements with them that account for security standards, and follow a due-diligence process before engaging them.

Central to the process is a responsibility matrix, which outlines which party is responsible for each aspect of credit card security.

Perhaps needless to say, this is not likely to be a quick process. Also likely to be time consuming is the mandatory self-assessment questionnaire.

Listen in to learn all that PCI 4.0 requires and to hear an important warning: just because you outsource your credit card processing doesn't mean you outsource the risk.