2021 marks the beginning of the implementation of the new PCI DSS standards, with the final version of PCI DSS v4.0 currently planned for completion in Q4 2021. The planning phase, which has been run collaboratively by the Security Standards Council with the global industry since 2019, has now come to an end and the time window for global financial institutions to begin implementing their solutions has begun. In short, if you haven’t started yet, you’re already behind the curve.
There is an 18-month transition period between the launch of the new v4.0 standards and the retirement of the old v3.2.1. But as any large financial institution knows, the modernization of a mission-critical payments engine is a wide-ranging project that impacts multiple legacy systems within the bank. The speed at which a project can be completed will really be limited by the existing legacy technology and infrastructure, particularly if it has been extensively customized.
Many legacy systems have now reached end of life—where they cannot support tactical or add-on changes to meet the new requirements—and their vendors won’t be releasing mandate support. This means that alongside the regulatory timeline drivers, these legacy vendors are forcing banks into a migration project.
But, despite the challenges, this market event provides the catalyst that many banks need to kick-start their consumer payments modernization programs. And the positive news is that newer, more flexible payment platforms provide a progressive path to modernization rather than the “rip and replace” of old. These solutions, in combination with modern deployment options such as the cloud (public or private), create the ability for institutions to target and prioritize discrete services or workloads to migrate to new platforms against variable criteria, such as compliance deadlines or ROI. In this way, a large-scale project initiated by a compliance mandate can in fact become a revenue generator. By identifying milestones, including those that can be directly monetized, such as the launch of a new payments service, institutions avoid the pitfalls of historical migrations that would get stuck in the quicksand of attempting to replicate every previous process and customization on the new platform, essentially stripping out the value of the migration.
For those seeking to leverage PCI 4.0 as the catalyst for progressive consumer payments modernization, the focus should be on migrating services, not processes or customizations, and on launching net new value drivers in the new platform—all as part of an agile project approach that reaches ROI milestones along its pathway.