On March 31, 2022, the PCI Security Standards Council (PCI SSC) published version 4.0 of PCI DSS - the most comprehensive update of the security standard for credit card data ever. Things are now getting serious for companies requiring certification: as of March 31, 2024, PCI DSS v4.0 will completely replace the previous version 3.2.1. Here is what you need to know:
PCI DSS v4.0: Deadlines at a glance
As a reminder, this is the PCI DSS v4.0 timeline:
31 March 2022: Release of PCI DSS v4.0
31 March 2022 until 31 March 2024: Transition period. During this period, assessments could be performed against PCI DSS v3.2.1 or v4.0.
31 March 2024: PCI DSS v3.2.1 expires. As of this date, certifications must be performed against v4.0.
31 March 2025: As of this date, the new, future-dated requirements of PCI DSS v4.0 must be implemented.
Best Practices for your transition to PCI DSS v4.0
For many companies, the transition to PCI DSS v4.0 still raises many questions. Do we really need to complete our transition by April 2024? What parts of the transition require extensive preparation? In this recording of our usd webinar, two of our PCI auditors share their best practices from past transition projects and provide tips.
A detailed look at the most important changes
Our experts have summarized the new requirements of PCI DSS v4.0 for you in webinars and blog posts. We will continue to keep you up to date on further developments.
Blog posts:
Webinar recordings (on YouTube):
Resources provided by the PCI Security Standards Council
PCI Security Standards Council – FAQs (pcisecuritystandards.org)
Eight Steps to Take Toward PCI DSS v4.0 (pcisecuritystandards.org)
PCI Security Standards Council – Document Library (pcisecuritystandards.org)
We take the next steps with you
Aligning and thus further developing existing processes based on the requirements of PCI DSS v4.0 usually requires a well thought-out implementation project. This is how we support you:
Overview of the new requirements
We present the new requirements for your company in an initial workshop. Together, we create an overview of the PCI DSS v4.0 requirements relevant to you and present known challenges and best practices.
Evaluate requirements for your company
As part of a gap analysis, we review all certification-relevant IT systems, existing documentation and current processes for their compliance with PCI DSS v4.0. Identified deviations are documented in the form of a catalog of measures and discussed with you.
Plan & implement measures
We do not leave you alone after the gap analysis. Our auditors will work with you to create an individual roadmap. Based on the results of your gap analysis, we will develop concrete packages of measures with corresponding tickets, and we will closely support you in their implementation.
Certification against PCI DSS v4.0
You are ready. After successful implementation, we will accompany you, as usual, as your auditor in confirming your compliance with PCI DSS.
Do you have questions or need support?
Our PCI experts will guide you to your certification and support you in the transition to PCI DSS v4.0. Contact us; we will be happy to help.