PCI DSS v4.0.1 comes into effect in January: everything you need to know

On March 31, 2024, version 4.0 of the PCI DSS standard came into effect. Just two months later, on June 11, the PCI Security Standards Council published on its website the new version 4.0.1, which came into effect that same day, but will coexist with version 4.0 until December 31.

Version 4.0.1 will be mandatory starting January 1, 2025, which means there are only a few weeks left to adapt. For this reason, it is crucial to be aware of the modifications and prepare for implementation, as non-compliance with this standard can result in heavy fines and even the loss of the license to operate with cards.

There are no new requirements and no requirements have been removed in this PCI DSS 4.0.1 revision

This new version, which comes into effect barely 9 months after the previous one, consists of typographical and formatting corrections and also clarifies the intent and approach of some requirements. It is important to note that no new requirements have been added and no existing ones removed in this revision.

Main differences between PCI DSS 4.0 and PCI DSS 4.0.1

The most significant changes include:

Requirement 3

Clarification of applicability notes for issuers and companies with issuer functions, as well as clarification of the applicability of using keyed cryptographic hashes to render the PAN unreadable.

Requirement 6

Reverts to the PCI DSS v3.2.1 criterion stating that the installation of patches and updates within 30 days applies only to “critical vulnerabilities”.

Requirement 8

An applicability note was added stating that the requirement does not apply to user accounts authenticated solely with phishing-resistant factors.

Requirement 11

Clarification of applicability notes regarding relationships between customers and Third-Party Service Providers (TPSPs).

Here is the document published by the PCI Security Standards Council where you can find more information about the changes between versions:

So now you know — after December 31, 2024, PCI DSS version 4.0 will be retired, and version 4.0.1 will be the only active version of the standard.

If you need to ensure data protection and security in online transactions, minimize fraud, and build trust, ask us how to adopt the latest version of the standard. We’ll be happy to help you comply with PCI DSS 4.0.1 and make the process smooth and simple. Shall we talk?