The Countdown is on: One Year until PCI DSS v4.0 Becomes Mandatory

17 March 2023

On March 31, 2022, the PCI Security Standards Council (PCI SSC) published version 4.0 of PCI DSS, the most comprehensive update of the security standard for credit card data ever. Things are now getting serious for companies requiring certification: as of March 31, 2024, PCI DSS v4.0 will completely replace the previous version 3.2.1. In this article, we summarize what you need to know and how you can prepare for the changeover to PCI DSS v4.0.

PCI DSS v4.0: Dates at a glance

As a reminder, these are the key dates for PCI DSS v4.0 implementation:

Transition to PCI DSS 4.0 - Timeline

31 March 2022: Release of PCI DSS v4.0

31 March 2022 until 31 March 2024: Transition period. During this period, assessments may be performed against PCI DSS v3.2.1 or v4.0.

31 March 2024: Expiration of PCI DSS v3.2.1, after which v4.0 certifications must be performed.

31 March 2025: As of this date, new, future-dated requirements of PCI DSS v4.0 must be implemented.

What's new in PCI DSS v4.0?

Our experts have summarized the new requirements of PCI DSS v4.0 for you in webinars and blog posts. We will continue to keep you up to date on further innovations.


We take the next steps with you

Aligning existing processes with the requirements of PCI DSS v4.0, and developing them further in the process, usually requires a well thought-out implementation project. This is how we support you:

Overview of the new requirements

We present the new requirements for your company in an initial workshop. Together, we create an overview of the PCI DSS v4.0 requirements relevant to you and present known challenges and best practices.

Evaluate requirements for your company

As part of a gap analysis, we review all certification-relevant IT systems, existing documentation and current processes for their compliance with PCI DSS v4.0. Identified deviations are documented in the form of a catalog of measures and discussed with you.

Is your PCI DSS v3.2.1 certification coming up? Our experts will be happy to perform the gap analysis alongside your audit.

Plan & implement measures

We do not leave you alone after the gap analysis. Our auditors will work with you to create an individual roadmap. Based on the results of your gap analysis, we will develop concrete packages of measures with corresponding tickets, and we will closely support you in their implementation.

Certification against PCI DSS v4.0

You are ready. After successful implementation, we will accompany you, as usual, as your auditor in confirming your compliance with PCI DSS.

Do you have questions or need support?

Benedikt Krümmel
usd Technical Sales Consultant,
PCI Professional

Our PCI experts will guide you to your certification and support you in the transition to PCI DSS v4.0. Contact us, we will be happy to help.
