Menu Close

Payment Card Industry (PCI) DSS v4.0

What are the key changes in v4.0?

The changes in v4.0 are designed to meet a series of principles in a similar way that the control requirements are based on a set of principles. They are:

Promoting security as a continuous process



Increasing flexibility

Enhancing validation methods and procedures 

Continue to meet the security needs of the payment industry

From a more granular perspective, in v4.0 some of the changes will include:


The requirement for Multi-Factor Authentication will be expanded as well as updates to password requirements.

 Education and awareness 

The introduction of requirements for e-commerce and phishing training.


Rather than an overall expectation of roles and responsibilities, these will be expanded to ensure that they are clearly defined for each requirement within the PCI DSS.


The allowance of group, shared and generic accounts.


The use of targeted risk analysis to empower an organisation to establish frequencies for certain activities.

This is not a comprehensive list, just an overview of some of the significant changes. As a Qualified Security Assessor (QSA) company, Xcina Consulting can assist your organisation with preparing for the changes in the standard.

Read other chapters in the series:

Part 1: PCI DSS Version 4.0 What is it and why now?  >>

Part 3: What should organisations do about it? >>


If you would like to know more and how we are assisting our clients in adjusting to the new standard, please contact us at


James Drake

Senior Director 
Xcina Consulting Limited

Speak to me directly by Email

James is a Certified Information Systems Security Professional (CISSP), ISO27001 Information Security Lead Auditor and qualified PCI Quality Security Assessor (QSA) from a multi-industry background. He is experienced in delivering risk based information assurance projects including PCI-DSS assessments, vCISO engagements, GDPR gap analysis and ISO27001 implementations including ISMS management.

To discuss how the above impact your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.




Stay in control of your inbox

Register your details to receive our featured insights,
news and analysis covered by our Information Security team.

Stay up to date and discover how the requirements impact your business.