PCI DSS v4.0 & v4.0.1

We will assist you in achieving more security

On 31 March 2022 the PCI Security Standards Council (PCI SSC) released PCI DSS v4.0, the most significant update of the credit card data security standard so far; it replaced PCI DSS v3.2.1 on 31 March 2024. A few weeks later, on June 11, 2024, the Council published version 4.0.1, a minor revision of the standard. The requirements remain largely unchanged.

On this page we have assembled the most important information for you.

The key facts at a glance

As of when is a certification according to v4.0 mandatory?

PCI DSS v3.2.1 was completely replaced on 31 March 2024, and v4.0 has been the only valid version of the standard since then.

When do the future-dated requirements apply?

Requirements that are completely new in version 4.0 were given the suffix "future-dated", which gives organizations time beyond the transition period to complete the necessary implementations. Until March 31, 2025, these requirements are considered best practices and are optional during that time.

After March 31, 2025, these requirements will be considered mandatory and must be fully addressed as part of future PCI DSS certifications.

What is a "Customized Approach"?

Compared to the classic (defined) approach, in which the requirements must be implemented exactly as specified in the standard, the so-called "Customized Approach" brings more flexibility to the implementation of the requirements. For example, you can use existing processes and measures that are required by other norms or standards and have already been implemented in your company for your PCI DSS certification. To do this, you need to analyze the intent of a requirement together with your QSA and show how your individual implementation meets that intent.

When does PCI DSS v4.0.1 apply?

PCI DSS v4.0.1 will replace v4.0 on December 31, 2024.

We accompany you

Aligning and further developing existing processes to meet the requirements of PCI DSS v4.0 or PCI DSS v4.0.1 usually requires a well-considered implementation project. We are happy to support you:


PCI certification process: preparation

Evaluate requirements for your company

As part of your upcoming audit, we conduct a gap analysis to check all certification-relevant IT systems, existing documentation and current processes for compliance with the future-dated requirements of PCI DSS v4.0 and the updates from PCI DSS v4.0.1. Any deviations identified are documented in the form of a catalog of measures and discussed with you.

PCI certification process: certification

Plan & implement measures

We do not leave you on your own after the gap analysis. Our assessors will create an individual roadmap together with you. Based on the results of your gap analysis, we will develop specific packages of measures with associated tickets, and we will closely support you in their implementation.

PCI certification process: seal & certificate

Certification

You are ready. After a successful implementation, we will accompany you as your trusted assessor in confirming your compliance with the PCI DSS.

More insights


During webinars and in blog posts, our PCI experts have already taken a more detailed look at the standard for you:


Webinar recordings

PCI DSS v4.0.1: Mastering Future-Dated Requirements

PCI DSS v4.0 - Targeted Risk Analysis

Blog posts

PCI DSS v4.0 - The Most Important Changes at a Glance: Keyed Cryptographic Hashes

PCI DSS v4.0 - The Most Important Changes at a Glance: Authenticated Vulnerability Scans

PCI DSS v4.0 - The Most Important Changes at a Glance: Protection Against Web Skimming

PCI DSS v4.0 - The Most Important Changes at a Glance: Technical User Handling

PCI DSS v4.0 - The Most Important Changes at a Glance: Customized Approach

Contact


Please contact us with any questions or queries.

Phone: +49 6102 8631-190
Email: sales@usd.de
PGP Key
S/MIME
Contact Form


Benedikt Krümmel
usd Technical Sales Consultant,
PCI Professional