In March 2022, the PCI Security Standards Council (PCI SSC), a global payment security forum, published version 4.0 of the PCI Data Security Standard (PCI DSS).
PCI DSS is a global standard that provides technical and operational requirements designed to protect account data throughout the payment lifecycle. It includes standards for merchants, payment service providers and financial institutions regarding security practices, technologies, and processes as well as standards for developers and vendors for creating secure payment products and solutions. An entity achieves PCI compliance by consistently adhering to these standards.
PCI DSS standards have been updated to address emerging threats and technologies and enable innovative methods to combat new threats. PCI DSS v3.2.1 will remain active for two years until March 31, 2024 to provide organizations with time to implement changes to meet updated requirements. As of March 31, 2024, PCI DSS v3.2.1 will be retired and v4.0 will become the only active version of the standard. Organizations will have until March 31, 2025 to phase-in new requirements that are initially identified as best practices in v4.0. After March 31, 2025, these new requirements are effective and must be fully considered as part of a PCI DSS assessment.
More information about PCI DSS 4.0 can be found on the PCI Security Standards Council website. See PCI Compliance Explained for additional information about compliance.
If your business is working to adopt current PCI standards, we’re here to help. Schedule a consultation today.
Verisave is a third-party cost-reduction firm specializing in merchant accounts and credit card processing fees.
Verisave is not a payment processor, and is not affiliated with any processors, card brands, or banks.
Verisave has more than 20 years of experience optimizing and monitoring the credit card processing industry.