PCI DSS v4.0 Payment Security
United States
2008
Consumer Protection
Privacy
Overview
The Payment Card Industry Data Security Standard (PCI DSS) v4.0, released in March 2022, is the latest global framework for securing cardholder data. It replaces version 3.2.1 and becomes fully enforceable from March 31, 2025, after the transition period ends. Developed by the PCI Security Standards Council (PCI SSC), this version enhances flexibility, strengthens authentication requirements, and focuses on continuous monitoring.It applies to all merchants, payment processors, banks, issuers, fintech companies, and other organizations that store, process, or transmit cardholder data. PCI DSS v4.0 supports both traditional and modern payment environments, including cloud and mobile platforms, requiring organizations to implement robust fraud risk management systems to protect sensitive cardholder information and maintain compliance with evolving security standards.
Key Obligations
- Implement and maintain firewalls and secure configurations for all systems
- Use strong encryption for transmission and storage of cardholder data
- Enforce multi-factor authentication (MFA) for all access to cardholder data
- Regularly test security systems and processes
- Monitor and log access to network resources and cardholder data
- Maintain an ongoing risk assessment process and ensure continuous compliance
- Comply with twelve core requirements, with additional flexibility through customized approaches
FAQ
Related Regulations
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.
Transaction Monitoring
Real-time transaction monitoring and analysis to identify suspicious activities and ensure regulatory compliance across all financial operations.