The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised set of security standards designed to ensure the safe handling of payment card information by businesses. It is developed by the PCI Security Standards Council and applies to all organisations that accept, process, store, or transmit credit card data. The standard outlines specific requirements, such as implementing secure networks, protecting cardholder data, maintaining vulnerability management programs, and regularly monitoring systems to prevent fraud and data breaches. Compliance with PCI DSS helps businesses protect sensitive customer data and maintain trust in their payment processing systems.
PCI DSS changes regularly to address evolving cyber threats, advancements in technology, and industry feedback. Updates ensure the standard stays relevant, protecting against new vulnerabilities and aligning with global regulations. These changes help secure payment systems, reduce breach risks, and adapt to innovations like cloud computing and mobile payments. Regular updates ensure organisations can effectively safeguard cardholder data.
PCI DSS v4.0.1: Changes from January 1st, 2025
As of January 1, 2025, PCI DSS v4.0.1 is the only active version of the Payment Card Industry Data Security Standard. PCI DSS v4.0 remained active until December 31, 2024, and has now been retired. From January 1, 2025, all assessments must be performed against PCI DSS v4.0.1. This includes the updated Self-Assessment Questionnaires (SAQs), Reports on Compliance (ROCs), and Attestations of Compliance (AOCs).
If your organisation (any partner or merchant) has already submitted its compliance documents under PCI DSS v4.0, no resubmission is needed. The v4.0.1 requirement applies only to new submissions.
Compliance milestones:
- December 31, 2024: Final date for using PCI DSS v4.0. Transition to v4.0.1 is required thereafter.
- January 1, 2025: All assessments and documentation must comply with PCI DSS v4.0.1 standards.
- March 31, 2025: Requirements introduced in v4.0 with a grace period must be fully implemented under v4.0.1.
Staying compliant:
Staying compliant with PCI DSS is essential for protecting sensitive payment data and maintaining customer trust. Compliance requires ongoing effort, from securing systems to implementing proper processes. How to stay compliant:
- Access the latest Standard: The newest version, PCI DSS v4.0.1, can be found in the PCI DSS Document Library.
- Stay updated: Regularly monitor the PCI SSC Blog for updates and revisions.
- Consult your auditor: Discuss the new requirements with your PCI DSS assessor to ensure your organisation remains on track.
Information prepared by Akvilė Venskavičiūtė, Information Security Specialist at PAYSTRAX