01
Apr
21

There Will Be No PCI DSS v4

In a brief yet bold announcement, the PCI Security Standards Council today announced that the card brands have come to an impasse and cannot agree on key provisions of PCI DSS v4.

Council Communications Director, April Fools-Day, states in the Council’s Blog post that, “The card brands have tried and tried to work through their differences on key parts of the new version of the PCI DSS, but their differences have been unable to be resolved.  As a result, the Council has been informed that we will need to go back to pre-Council times when each card brand had their own security compliance program.”

An anonymous source from American Express stated that, “We fully expect to have our security program issued in a matter of days.  We were happy with where version 4 was headed, and we intend to publish that program with only minor revisions.”

A source from Visa USA who insisted on anonymity because they are not allowed to officially speak about the matter stated, “Version 4 as it existed was not an advancement.  Too many loopholes in the work program.  It wasn’t about to advance security of card data and was taking us back to the dark ages of information security.”

A Mastercard spokesperson stated, “What Visa said.”

Spokespeople for Discover and JCB had no comment on the news.

Dr. Brandon Williams, a known critic of the Council stated, “It was just a matter of time before this all imploded.  I have seen this coming for years.”

Dr. Anton Chuvakin, noted SIEM expert and author of many PCI DSS books, said, “Meh!”

The PCI Dream Team were stunned by the news.  However, after a moment to catch his breath, Art “Coop” Cooper said, “I suppose it was bound to happen at some point.  I just thought it would be decades out.”

It will be interesting to see the reaction to this news as people let it all sink in.  In the meantime, enjoy April the First.


3 Responses to “There Will Be No PCI DSS v4”


  1. April 5, 2021 at 11:05 AM

    I’m dying laughing! The quotes are accurate!

  2. 2 Owen Griffiths
    April 1, 2021 at 3:51 AM

    Ha. You got me. Unfortunately was in a Teams meeting about PCI when your email came and actually said “WTF is this” and started to read it to everyone before I realised what I was doing. Was still funny though.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

April 2021
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,423 other followers


%d bloggers like this: