Is PCI DSS v4.0 mandatory?

Yes. While not a law, it is contractually required by card networks (Visa, Mastercard, etc.) and enforced via acquiring banks.

Who needs to comply with PCI DSS v4.0?

Any entity handling payment card data — including merchants, service providers, and financial institutions.

What's new in PCI DSS v4.0 compared to v3.2.1?

v4.0 introduces custom implementation options, stricter MFA requirements, and an emphasis on continuous compliance.

What happens if a business fails to comply?

Non-compliance can lead to fines, increased transaction fees, or termination of the ability to process card payments.

PCI DSS v4.0 Global Standard

Global

2022

Payments

Cybersecurity

Overview

The Payment Card Industry Data Security Standard (PCI DSS) v4.0 is the latest global framework for securing cardholder data, published by the PCI Security Standards Council in March 2022. It replaces version 3.2.1 and becomes fully enforceable by March 31, 2025. The update introduces more flexible compliance paths, stronger authentication measures, and new controls for evolving payment technologies.

PCI DSS v4.0 outlines twelve core requirements to protect cardholder data across its lifecycle. It emphasizes continuous risk assessment, customized implementation, and expanded use of multi-factor authentication (MFA). The standard applies to any entity that stores, processes, or transmits payment card data, including merchants, payment processors, fintech companies, banks, and card issuers globally.

Key Obligations

Implement and maintain 12 baseline controls for cardholder data protection
Use multi-factor authentication for all access to cardholder data environments
Monitor and test networks regularly to identify vulnerabilities

Restrict access to cardholder data to authorized personnel only
Conduct annual risk assessments and document compliance status

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

One Touch KYC

Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.

AML Screening

Comprehensive Anti-Money Laundering screening solutions to detect and prevent financial crimes through advanced monitoring and compliance tools.

Transaction Monitoring

Real-time transaction monitoring and analysis to identify suspicious activities and ensure regulatory compliance across all financial operations.