BREAKING: PCI DSS v4.0 released

April 1, 2022

The PCI Security Standards Council (PCI SSC) published a new version of the PCI Data Security Standard (PCI DSS) on 31st March 2022.

The new standard, v4.0, provides a baseline of technical and operational requirements designed to protect payment data. It will replace version 3.2.1 and is intended to help address emerging threats and technologies.

The new requirements included in PCI DSS v4.0 are either:

  • Effective immediately for all PCI DSS v4.0 assessments.
    OR
  • Best practices until March 31, 2025, after which they become effective. 

The current version, v3.2.1, will remain active for two years until March 31, 2024. This will give relevant organisations time to understand v4.0 and implement the updates. We advise organisations to adopt the new PCI DSS v4.0 requirements in a timely manner to protect their payment data.

What are the key changes in Version 4.0?

Three key types of changes are introduced, and they are as follows:

  1. Evolving requirement: Changes to ensure that the standard is up to date with emerging threats and technologies and changes in the payment industry. Examples include new or modified requirements or testing procedures or the removal of a requirement.
  2. Clarification or guidance: Updates to wording, explanation, definition, additional guidance, and/or instruction to increase understanding or provide further information or guidance on a particular topic.
  3. Structure or format: Reorganisation of content, including combining, separating, and renumbering of requirements to align content.

Please view the PCI DSS V4.0 key changes:

How can Centium help your organisation comply?

Our team of PCI DSS experts and specialists have worked with dozens of merchants, service providers, and acquiring banks. We have also mapped all related processes and requirements across the new PCI DSS V4.0.

If your organisation needs a helping hand in complying with the PCI DSS v4.0 standard to increase your security and meet your compliance requirements, our team would be more than happy to discuss how we can help you. You can view further information about our service, team and experience in our Service Capability info sheet.

For more information, please contact Scott Thomson, Director Cyber & IT on 0412 562 797 or scott.thomson@centium.com.au.

Our thanks to the PCI Security Standards Council for proactively updating PCI DSS requirements and providing us with supporting guidance and a supplemental "At A Glance: PCI DSS V4.0" document to understand the context of these changes. At-A-Glance: PCI DSS v4.0 is provided with permission of PCI Security Standards Council, LLC (“PCI SSC”).  All rights reserved.  Neither PCI SSC nor its licensors endorse this presentation, its provider or the methods, procedures, statements, views, opinions or advice contained herein.  All references to documents, materials or portions or requirements thereof provided by PCI SSC should be read as qualified by the actual materials made available by PCI SSC.  For questions regarding such materials, please contact PCI SSC through its website at https://www.pcisecuritystandards.org.
