No products in the cart.
New PCI Compliance Standards Coming March 2025 – And DMARC Remains Key
Content by: Anush Yolan from EasyDMARC
In March 2022, the Payments Cards Security Council released PCI DSS 4.0, its latest global technology and operations framework for combating cybercrime involving credit cards and other payments.
What Does it do?
In short, it’s a standard that puts the onus on an organization to adopt effective business practices that protect themselves and clients using their payment services against cybercrime.
Since 4.0, DMARC has been referenced as a recommended best practice for anti-phishing – securing email, the primary source for attacks. By March 2025, such technologies will be required for PCI compliance.
As PCI DSS 4.01 replaces 4.0, we thought that this was a good time to provide an explanation about why this is important for handling card payments now and in the run-up to March 2025.
Not following the guidance outlined in PCI DSS 4.01 and leaving users open to non-compliant breaches could lead to the imposition of substantial financial penalties and possible loss of their merchant account.
The Current Landscape
Unsurprisingly, the Financial Services sector was the first to fully adopt the standard with Education closely following. But as of March 2025, it will come into effect for payment-handling businesses of all sizes.
The Role of DMARC
Fundamental to the PCI DSS standard is securing email. If an organization applied the DMARC protocol, in conjunction with DKIM and SPF, then the domain would meet best practice.
This is a great idea in theory but in practice, DMARC remained a complex, time-consuming project to implement, even for enterprise-level organizations able to call on extensive technical resources.
Simplification of DMARC implementation came with the emergence of specialist DMARC vendors such as EasyDMARC, first helping enterprise organizations identify the location of all their sender emails and begin to secure them so that only legitimate communications could be distributed.
Recognizing the MSP Opportunity
With DMARC adoption quickly becoming a requirement for business operations of all sizes, MSPs can bridge the technology gap.
Accessing a dashboard and managing the DMARC process on behalf of multiple clients means that SMBs who handle card payments can also meet the March 2025 deadline.