PCI DSS v4.0

We will assist you in achieving more security

usd seal PCI DSS Secure Payment
On 31 March 2022 the PCI Security Standards Council (PCI SSC) released PCI DSS v4.0, the most significant update of the Payment Card Industry Data Security Standard so far, which will replace the current version, PCI DSS v3.2.1.

On this page we have assembled the most important information for you.

The key facts at a glance

As of when is a certification according to v4.0 mandatory?
A well-defined transition period gives companies that must be certified according to PCI DSS time to review the changes and adapt their processes and systems accordingly: PCI DSS v3.2.1 remains valid for another two years, more precisely until March 31, 2024.

During the transition period, both standards, PCI DSS v4.0 and PCI DSS v3.2.1, are therefore valid simultaneously. Affected companies can decide, together with their QSA, according to which standard they want to be certified during this period. On March 31, 2024, PCI DSS v3.2.1 is retired and v4.0 becomes the only valid version of the standard from then on.

How quickly do you have to implement new requirements?

Requirements that are completely new in version 4.0 are marked as "future-dated", which gives organizations time beyond the transition period to complete the necessary implementations. Until March 31, 2025, these requirements are considered best practices and do not have to be in place to pass an assessment.

After March 31, 2025, these requirements become mandatory and must be fully addressed in every PCI DSS assessment from then on.

What is a "Customized Approach"?

Compared to the classic "Defined Approach", in which the requirements must be implemented exactly as specified in the standard, the so-called "Customized Approach" brings more flexibility to the implementation of the requirements. For example, you can use existing processes and measures that are required by other norms or standards and have already been implemented in your company for your PCI DSS certification. To do this, you need to analyze the intent of a requirement (its "Customized Approach Objective") together with your QSA, document your individual implementation, and show how it meets that objective. Note that the Customized Approach is only available for assessments performed by a QSA; it cannot be used in a self-assessment (SAQ).

We accompany you

Aligning and further developing existing processes with the requirements of PCI DSS v4.0 usually calls for a carefully planned implementation project. Whether you aim for certification according to the new version at an early stage or would like to use the transition period for implementation, we are happy to support you:


PCI certification process: kick-off

Overview of the new requirements

Presentation of the new requirements for your company in an initial workshop. Together, we will gain an overview of the PCI DSS v4.0 requirements that are relevant for you and outline known challenges and best practices.

PCI certification process: preparation

Evaluate requirements for your company

During a gap analysis, we check all certification-relevant IT systems, existing documentation and current processes for their compliance with PCI DSS v4.0. Identified non-compliances are documented in the form of a catalog of measures and will be discussed with you.

Is your certification according to PCI DSS v3.2.1 coming up?

Our experts will be happy to conduct a gap analysis alongside the assessment in order to check your environments, documents and processes for non-compliance with PCI DSS v4.0.

PCI certification process: certification

Plan & implement measures

We do not leave you on your own after the gap analysis. Our assessors will create an individual roadmap together with you. Based on the results of your gap analysis, we will develop specific packages of measures with associated tickets, and we will closely support you in their implementation.

PCI certification process: seal & certificate

Certification according to PCI DSS v4.0

You are ready. After a successful implementation, we will accompany you as your trusted assessor in confirming your compliance with PCI DSS.

More insights


During webinars and in blog posts, our PCI experts have already taken a more detailed look at the standard for you:


Webinar recordings

PCI DSS v4.0 - Best Practices for Your Transition

PCI DSS v4.0 - Let's get Started

PCI DSS v4.0 - Impact on E-commerce

PCI DSS v4.0 - Impact on Retail

Blog posts

PCI DSS 4.0: "In Place with Remediation" Reporting Option Removed

PCI DSS v4.0 – The Most Important Changes at a Glance: Keyed Cryptographic Hashes

PCI DSS v4.0 - The Most Important Changes at a Glance: Authenticated Vulnerability Scans

PCI DSS v4.0 - The Most Important Changes at a Glance: Protection Against Web Skimming

PCI DSS v4.0 – The Most Important Changes at a Glance: Technical User Handling

PCI DSS v4.0 – The Most Important Changes at a Glance: Customized Approach

Contact


Please contact us with any questions or queries.

Phone: +49 6102 8631-190
Email: sales@usd.de
PGP Key
S/MIME
Contact Form


Benedikt Krümmel
usd Technical Sales Consultant,
PCI Professional