PCI DSS v4.0

We will assist you in achieving more security

On 31 March 2022 the PCI Security Standards Council (PCI SSC) released PCI DSS v4.0, the most significant update of the credit card data security standard so far, which will replace the current version PCI DSS v3.2.1.

On this page we have assembled the most important information for you.

The key facts at a glance

As of when is a certification according to v4.0 mandatory?
A well-defined transition period is provided for companies that are required to be certified according to PCI DSS so they can review the changes and adapt their processes and systems accordingly: PCI DSS v3.2.1 will remain valid for another 2 years, more precisely until March 31, 2024.

During the transition period, both standards, PCI DSS v4.0 and PCI DSS v3.2.1, are thus valid simultaneously. Companies affected can determine together with their QSA according to which standard they want to be certified during this period. On March 31, 2024, PCI DSS v3.2.1 will be completely replaced and v4.0 will be the only version of the standard valid from then on.

How quickly do you have to implement new requirements?

Completely new requirements in version 4.0 were given the suffix "future-dated", which gives organizations time beyond the transition period to complete necessary implementations. Until March 31, 2025, these requirements are considered best practices and are optional during that time.

After March 31, 2025, these requirements will be considered mandatory and must be fully addressed as part of future PCI DSS certifications.

What is a "Customized Approach"?

Compared to the classic approach, in which the requirements must be implemented exactly as specified in the standard, the so-called "Customized Approach" brings more flexibility to the implementation of the requirements. For example, you can use existing processes and measures that are required by other norms or standards and have already been implemented in your company for your PCI DSS certification. To do this, you need to analyze the intent of a requirement together with your QSA and show how your individual implementation fits the intent of the requirement.

We accompany you

Aligning and further developing existing processes to meet the requirements of PCI DSS v4.0 usually requires a well-considered implementation project. Whether you strive for certification according to the new version at an early stage or would like to use the transition period for implementation, we are happy to support you:

 


Overview of the new requirements

Presentation of the new requirements for your company in an initial workshop. Together, we will gain an overview of the PCI DSS v4.0 requirements that are relevant for you and outline known challenges and best practices.


Evaluate requirements for your company

During a gap analysis, we check all certification-relevant IT systems, existing documentation and current processes for their compliance with PCI DSS v4.0. Identified non-compliances are documented in the form of a catalog of measures and will be discussed with you.

Your certification according to PCI DSS v3.2.1 is coming up?

Our experts will be happy to conduct a gap analysis alongside the assessment in order to check your environments, documents and processes for non-compliance with PCI DSS v4.0.


Plan & implement measures

We do not leave you on your own after the gap analysis. Our assessors will create an individual roadmap together with you. Based on the results of your gap analysis, we will develop specific packages of measures with associated tickets, and we will closely support you in their implementation.


Certification according to PCI DSS v4.0

You are ready. After a successful implementation, we will accompany you as your trusted assessor in confirming your compliance with the PCI DSS.

Insights & Networking: Our events on PCI DSS v4.0

In our events, you will have the opportunity to obtain more in-depth information and to exchange experiences with our experienced assessors and personnel responsible for PCI from other companies:

23.08.2022, 4.00 - 5.00 PM CEST

PCI DSS v4.0 - Impact on Retail

Applying PCI DSS v4.0 at Point of Sale. What you need to know. Compact and free of charge.

Contact

 

Please contact us with any questions or queries.

Phone: +49 6102 8631-190
Email: sales@usd.de

 


Anna-Magdalena Kohl
usd Team Lead Sales,
PCI Professional