The Payment Card Industry (PCI) Security Standards Council maintains 15 standards designed to protect payment account data. One of the 15 PCI standards is the PCI Data Security Standard (PCI DSS), which includes requirements that you are subject to if you accept credit card payments at your site(s). This standard is a set of security requirements designed to prevent cybersecurity breaches of cardholder data and reduce the risk of fraud for organizations that handle payment card information.
In March 2022, PCI DSS version 4 was released to address evolving security needs in the payment industry, promote security as a continuous process, increase flexibility and improve procedures for organizations using different methods to achieve their security goals.
The two-year adoption period for PCI DSS version 4.0 ended on March 31, 2024. From now on, all PCI DSS assessments must adhere to the v4.0 standard.
To help support your transition to the new standard, we’ve answered your frequently asked questions.
What are the key dates regarding PCI DSS v4 that I should be aware of? Here’s a look at the overall timeline of PCI DSS v4.0:
- Q1 2022: PCI DSS v4.0 released
- 2022-2023: Transition period from v3.2.1 to v4.0
- March 31, 2024: PCI DSS v3.2.1 retired
- March 31, 2025: Future-dated requirements effective
What should be implemented today? As of March 31, 2024, you should adhere to PCI DSS v4. While many of the new requirements are future dated, we recommend using this time to assess current processes and plan adjustments for the new requirements.
How many new requirements are in PCI DSS v4? There are 64 new requirements in PCI DSS v4.
What are the details of the new requirements? The details of the new requirements follow this schedule:
- March 31, 2024: 13 new requirements
- March 31, 2025: 51 new requirements
For more information on PCI DSS v4, please visit the PCI DSS v4 resource hub.