API Marketplace

Solutions

Resources

Our Company

Book a Demo

← Back to Glossary

PCI DSS v4.0 Payment Security

United States2008Consumer ProtectionPrivacy

Overview

The Payment Card Industry Data Security Standard (PCI DSS) v4.0, released in March 2022, is the latest global framework for securing cardholder data. It replaces version 3.2.1 and becomes fully enforceable from March 31, 2025, after the transition period ends. Developed by the PCI Security Standards Council (PCI SSC), this version enhances flexibility, strengthens authentication requirements, and focuses on continuous monitoring.

It applies to all merchants, payment processors, banks, issuers, fintech companies, and other organizations that store, process, or transmit cardholder data. PCI DSS v4.0 supports both traditional and modern payment environments, including cloud and mobile platforms, requiring organizations to implement robust fraud risk management systems to protect sensitive cardholder information and maintain compliance with evolving security standards.

Key Obligations

Implement and maintain firewalls and secure configurations for all systems
Use strong encryption for transmission and storage of cardholder data
Enforce multi-factor authentication (MFA) for all access to cardholder data
Regularly test security systems and processes

Monitor and log access to network resources and cardholder data
Maintain an ongoing risk assessment process and ensure continuous compliance
Comply with twelve core requirements, with additional flexibility through customized approaches

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to validate users while onboarding.

Transaction Monitoring

Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.

Related Regulations

FTC Safeguards Rule Amendments

GLBA Safeguards Rule Compliance

FedNow Reg J Instant Payments

FAQ

What is the deadline for complying with PCI DSS v4.0?

Full compliance with v4.0 is mandatory from March 31, 2025, replacing the previous version 3.2.1.

Who enforces PCI DSS compliance?

Enforcement is handled by payment card brands like Visa and Mastercard through acquiring banks.

Are small businesses required to comply?

Yes. All businesses that process, store, or transmit cardholder data must comply, regardless of size.

What are some new features in v4.0?

Enhanced MFA requirements, customized implementation options, and improved risk-based testing methodologies.