
PCI Requirement 12.4: What It’s About & What It Means for You


What the PCI Requirement 12.4 means for you and your business.

Changes to PCI Requirement 12.4 were released in April 2016 and raised countless questions. Thankfully, we’re going to explain some of the changes and what they mean for third-party service providers and merchants. With this being said, here’s a look at what PCI Requirement 12.4 means for you and your business.


Why Updates Were Made

Updates to the PCI Requirement were made simply because of the consistently rising rate of data breaches. In 2015 alone, there were 3,930 breaches that exposed over 736 million records (according to a report by Cyber Risk Analytics). With 288 of those breaches involving third parties and 64.6% of the breaches resulting from hacking, updates had to be made to protect customers and their ownership of their private information.

Although the security market has changed dramatically over the past decade, the collateral damage associated with a data breach has only gotten worse. PCI has been very forceful about the need for contractual language between service providers, vendors, and third parties so that data is protected within its guidelines.

PCI Requirement 12.4: What’s New?

The new requirements added to PCI Requirement 12.4 are:

  • For your information security policy, define the executive’s role and how it relates to data security as a whole.
  • For assessors, a requirement of the audit cycle is to see how well executive leadership’s direction is disseminated and ingrained into everyday operations. If a customer can reach customer service and receive a consistent, concise response, the requirement has been met.
  • For merchants, third parties, and service providers, each party needs to state its role and what it is doing to ensure data security on its end. This means that each party needs to state the specific responsibilities, service lines, groups, and divisions within its organization that meet the new requirements of PCI Requirement 12.4.
  • Lastly, assessors are looking for organizations that effectively communicate how important security is to the organization and make it part of the company’s culture. Explaining how the organization is held accountable, designed, and structured in regard to client data is needed as part of the requirements (in addition to the previous PCI requirements).

So, in light of the information above, it’s important to see where your business stands in regard to PCI Requirement 12.4. Contact us at (469) 635-5500 for more information.

