PCI DSS version 4.0. – What is it all about?

22nd January 2023
Daisy Corporate Services
PCI DSS version 4.0.

Updating The Standard

The Payment Card Industry Data Security Standard has been designed to protect customers against fraud when using their credit or debit cards. If your organisation takes payment by card, or provides services to others that do, it may apply to you.

The standard has been around for around 18 years, and in that time, the threat from criminals has increased both in volume and in complexity.

Technology has also continued changing at pace, so updates were needed to make the standard more appropriate for the times.

What Has Changed

PCI DSS comprises of security controls contained in Twelve Requirements, each covering a different area, from network security, to physical security, and Information Security Policies.

These twelve areas of requirement are unchanged from version 3.2.1, the previous version, to version 4.0. The detail within them has been refined a little, and renumbered in places.

The refinements have been included for clarity – for instance, PCI DSS 4.0 no longer defines Firewall Rules, but instead has Network Security Controls, to reflect the increasing use of Cloud-Hosted systems.

What Is New

In addition to the refined security controls in each Requirement, there are NEW SECURITY CONTROLS, designed to protect against emerging threats. These new controls include:

  • Changes to encryption rules for stored payment card data.
  • Protection from Phishing attacks.
  • Security of code repositories and of imported code libraries and scripts.
  • Increased password strength.
  • Detection and correction of failure of security systems.
  • Internal network security intrusion prevention.
  • Website code change detection.

When Must I Comply with PCI DSS 4.0

You MUST comply with PCI DSS 4.0 by 1 April 2024, but any New Requirements have a grace period. These must be implemented by 1 April 2025. Some of these new requirements may not be applicable if you comply to a reduced-scope Self-Assessment-Questionnaire (SAQ).

How to Prepare for v 4.0?

Speak to your QSA. They will be able to tell you what the changes mean for your environment, what you can be doing now to get prepared and help you understand your timeline.

If you have any questions in the meantime, please do not hesitate to get in touch and we will arrange a call with one of our experts.

Next steps...

Find out more about our Cyber Security solutions
Enquire now or request a callback

More content:

  1. Cyber Essentials FAQs
  2. Cyber Security 101: Security Information and Event Management (SIEM)
  3. Cyber security: Check your posture and limber up [Infographic]
  4. FROM THE PAST TO THE FUTURE: HOW TO MAKE THE MOVE FROM ISDN TO SIP

Talk to one of our specialists.
Call us on
0344 863 3000