PCI Security Standards Council<\/a> (PCI SSC) released PCI DSS v4.0, the most significant update of the credit card data security standard so far, which replaced the PCI DSS v3.2.1 on 31 March 2024. A few weeks later, on June 11, 2024, the Council published version 4.0.1, a minor revision of the standard.<\/p>\nOn this page we have assembled the most important information for you.<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-8px||||false|false\" custom_padding=\"||2px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider color=\"#d8d8d8\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"|auto|24px|auto||\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
The key facts at a glace<\/h2>\n
[\/et_pb_text][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/PCI-DSS-v-4-0-1-Transition-Timeline-EN.png\" title_text=\"PCI-DSS-v-4-0-1-Transition-Timeline-EN\" _builder_version=\"4.27.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][et_pb_accordion open_toggle_background_color=\"#FFFFFF\" closed_toggle_background_color=\"#FFFFFF\" icon_color=\"#F07F1D\" use_icon_font_size=\"on\" icon_font_size=\"23px\" _builder_version=\"4.27.4\" _module_preset=\"default\" body_font=\"|300|||||||\" body_font_size=\"16px\" custom_margin=\"4px|0px|20px|0px|false|true\" hover_enabled=\"0\" rank_math_faq_schema=\"on\" border_radii=\"on|5px|5px|5px|5px\" border_color_all=\"#F6F6F6\" box_shadow_style=\"preset1\" box_shadow_spread=\"-11px\" box_shadow_color=\"rgba(0,0,0,0.22)\" global_colors_info=\"{}\" theme_builder_area=\"post_content\" sticky_enabled=\"0\"][et_pb_accordion_item open=\"on\" _builder_version=\"4.17.6\" _module_preset=\"default\" custom_css_main_element=\"display: none;\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_accordion_item][et_pb_accordion_item title=\"As of when is a certification according to v4.0.1 mandatory?\" closed_toggle_text_color=\"#3C3C3C\" _builder_version=\"4.27.4\" _module_preset=\"default\" border_radii=\"on|5px|5px|5px|5px\" global_colors_info=\"{}\" closed_toggle_font=\"|300|||||||\" closed_toggle_font_size=\"16px\" toggle_text_color__hover_enabled=\"on|hover\" toggle_text_color__hover=\"#F07F1D\" open_toggle_text_color__hover_enabled=\"on|hover\" open_toggle_text_color__hover=\"#F07F1D\" theme_builder_area=\"post_content\" open=\"off\"]<\/p>\n
PCI DSS v4.0 was completely replaced on 31.12.2024 and v4.0.1 has been the only valid version of the standard since then.<\/p>\n
[\/et_pb_accordion_item][et_pb_accordion_item title=\"When do the future-dated requirements apply?\" closed_toggle_text_color=\"#3C3C3C\" _builder_version=\"4.27.4\" _module_preset=\"default\" hover_enabled=\"0\" border_radii=\"on|5px|5px|5px|5px\" global_colors_info=\"{}\" closed_toggle_font=\"|300|||||||\" closed_toggle_font_size=\"16px\" toggle_text_color__hover_enabled=\"on|hover\" toggle_text_color__hover=\"#F07F1D\" open_toggle_text_color__hover_enabled=\"on|hover\" open_toggle_text_color__hover=\"#F07F1D\" theme_builder_area=\"post_content\" open=\"off\" sticky_enabled=\"0\"]<\/p>\n
Completely new requirements in version 4.0 were given the suffix \"future-dated<\/strong>\", which gave organizations time beyond the transition period to complete necessary implementations. Until 31 March 2025, these requirements were considered best practices and were optional during that time. Since 1 April 2025<\/strong>, these requirements are now considered mandatory<\/strong> and must be fully taken into account in future PCI DSS certifications.<\/p>\n[\/et_pb_accordion_item][et_pb_accordion_item title=\"What is a %22Customized Approach%22?\" closed_toggle_text_color=\"#3C3C3C\" _builder_version=\"4.16\" _module_preset=\"default\" border_radii=\"on|5px|5px|5px|5px\" global_colors_info=\"{}\" closed_toggle_font=\"|300|||||||\" closed_toggle_font_size=\"16px\" toggle_text_color__hover_enabled=\"on|hover\" toggle_text_color__hover=\"#F07F1D\" open_toggle_text_color__hover_enabled=\"on|hover\" open_toggle_text_color__hover=\"#F07F1D\" theme_builder_area=\"post_content\" open=\"off\"]<\/p>\n
Compared to the classic approach, in which the requirements must be implemented exactly as specified in the standard, the so-called \"Customized Approach<\/strong>\" brings more flexibility to the implementation of the requirements. For example, you can use existing processes and measures that are required by other norms or standards and have already been implemented in your company for your PCI DSS certification. To do this, you need to analyze the intent of a requirement together with your QSA and show how your individual implementation<\/strong> fits the intent of the requirement.<\/p>\n[\/et_pb_accordion_item][\/et_pb_accordion][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-8px||||false|false\" custom_padding=\"||2px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider color=\"#d8d8d8\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.0\" _module_preset=\"default\" custom_padding=\"9px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
We accompany you<\/h2>\n
An alignment and thus further development of existing processes based on the requirements of PCI DSS v4.0.1 usually requires a well considered implementation project. We are happy to support you:<\/p>\n
<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"13px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-dss-4.0-gap-analyse.svg\" alt=\"PCI Zertifizierungsprozess Vorbereitung\" title_text=\"pci-dss-4.0-gap-analyse\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
Evaluate requirements for your company<\/h3>\n
As part of your upcoming audit, we conduct a Gap Analysis<\/strong> to check all certification-relevant IT systems and applications, existing documentation and current processes for compliance with the requirements of PCI DSS v4.0.1<\/strong>. Any deviations identified are documented in the form of a catalog of measures and discussed with you.<\/p>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"10px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-dss-4.0-umsetzung.svg\" alt=\"PCI Zertifizierungsprozess Zertifizierung\" title_text=\"pci-dss-4.0-umsetzung\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
Plan & implement measures<\/h3>\n
We do not leave you on your own after the gap analysis. Our assessors will create an individual roadmap together with you. Based on the results of your gap analysis, we will develop specific packages of measures<\/strong> with associated tickets, and we will closely support you in their implementation.<\/p>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"13px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-dss-4.0-audit.svg\" alt=\"PCI Zertifizierungsprozess Siegel & Zertifikat\" title_text=\"pci-dss-4.0-audit\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
Certification<\/h3>\n
You are ready. After a successful implementation, we will accompany you as your trusted accessor in confirming your compliance with the PCI DSS.<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-8px||||false|false\" custom_padding=\"||2px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider color=\"#d8d8d8\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.18.1\" _module_preset=\"default\" custom_margin=\"||-20px||false|false\" custom_padding=\"9px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
More insights<\/h2>\n
<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_2,1_2\" _builder_version=\"4.27.0\" _module_preset=\"default\" custom_margin=\"||-10px||false|false\" custom_padding=\"||0px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_2\" _builder_version=\"4.27.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_code _builder_version=\"4.27.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]