PCI DSS Version 4.0: What is it and why now?
On 31 March 2022, the PCI Security Standards Council (PCI SSC) released version 4.0 of the PCI Data Security Standard (PCI DSS). Version 4.0 replaces the current version, 3.2.1, and is the biggest shakeup to the PCI DSS for years.
The PCI DSS is a set of requirements that any organisation that stores, processes or transmits payment card information is required to adhere to. An organisation that provides a service that can affect the security of payment card information is also obligated to adhere to its requirements.
But why now?
The threat landscape has continued to evolve significantly in recent years, so the controls that protect payment card information must change with it. The increasing use of cloud-based technologies and the sophistication of attacks are the main drivers for these changes.
Version 4.0 has been developed in partnership with global industry. Over 200 companies have provided more than 6,000 items of feedback to the PCI SSC to create the new standard.