The Final Countdown: 1 Month to Go until PCI DSS v4.0 Becomes Mandatory

27. February 2024

On March 31, 2022, the PCI Security Standards Council (PCI SSC) published version 4.0 of PCI DSS - the most comprehensive update of the security standard for credit card data ever. Things are now getting serious for companies requiring certification: as of March 31, 2024, PCI DSS v4.0 will completely replace the previous version 3.2.1. Here is what you need to know:

PCI DSS v4.0: Deadlines at a glance

As a reminder, this is the PCI DSS v4.0 timeline:

31 March 2022

Release of PCI DSS v4.0

31 March 2022 until 31 March 2024

Transition period: During this period, assessments could be performed against PCI DSS v3.2.1 or v4.0. 

31 March 2024

PCI DSS v3.2.1 expires. As of this date, certifications must be performed against v4.0.

31 March 2025

As of this date, new, future-dated requirements of PCI DSS v4.0 must be implemented.

Best Practices for yor transition to PCI DSS v4.0

For many companies, the transition to PCI DSS v4.0 still raises many questions. Do we really need to complete our transition by April 2024? What parts of the transition require extensive preparation? In this recording of our usd webinar, two of our PCI auditors share their best practices from past transition projects and provide tips.

Webinar recording July 05, 2023

A detailed look at the most important changes

Our experts have summarized the new requirements of PCI DSS v4.0 for you in webinars and blog posts. We will continue to keep you up to date on further developments.

Blog posts:

Webinar recordings (on YouTube):

Resources provided by the PCI Security Standards Council

PCI Security Standards Council – FAQs (

Eight Steps to Take Toward PCI DSS v4.0 (

PCI Security Standards Council – Document Library (

We take the next steps with you

Aligning and thus further developing existing processes based on the requirements of PCI DSS v4.0 usually requires a well thought-out implementation project. This is how we support you:

Overview of the new requirements

We present the new requirements for your company in an initial workshop. Together, we create an overview of the PCI DSS v4.0 requirements relevant to you and present known challenges and best practices.

Evaluate requirements for your company

As part of a gap analysis, we review all certification-relevant IT systems, existing documentation and current processes for their compliance with PCI DSS v4.0. Identified deviations are documented in the form of a catalog of measures and discussed with you.

Plan & implement measures

We do not leave you alone after the gap analysis. Our auditors will work with you to create an individual roadmap. Based on the results of your gap analysis, we will develop concrete packages of measures with corresponding tickets, and we will closely support you in their implementation.

Certification against PCI DSS v4.0

You are ready. After successful implementation, we will accompany you, as usual, as your auditor in confirming your compliance with PCI DSS.

Do you have questions or need support?

Benedikt Krümmel
usd Technical Sales Consultant,
PCI Professional

Our PCI experts will guide you to your certification and support you in the transition to PCI DSS v4.0. Contact us, we will be happy to help.

Also interesting:

Top 3 Vulnerabilities in Mobile App Pentests

Top 3 Vulnerabilities in Mobile App Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...