
PCI DSS 4.0: What Changed and What You Need to Do

A practical breakdown of the major changes in PCI DSS 4.0 and how to update your compliance program.

Jason Pieters

Co-Founder & CTO

December 10, 2024

PCI DSS 4.0 represents the most significant update to payment card security standards in over a decade. Here's what you need to know.

Major Changes

1. Customized Approach

Organizations can now justify alternative controls that meet the security objective.

2. Enhanced Authentication

Multi-factor authentication requirements have expanded significantly.

3. Continuous Security

Regular security testing and monitoring are required more frequently.

Timeline

  • March 2024: PCI DSS 4.0 became mandatory for all new assessments
  • March 2025: All future-dated requirements become mandatory

Action Items

  • Review your current SAQ status
  • Identify gaps against new requirements
  • Develop remediation plan
  • Update policies and procedures
  • Train staff on new requirements

How StrategiHub Helps

PCI-Compli is being built specifically for PCI DSS 4.0, with intelligent routing and guidance for all SAQ types.
