
Compliance Briefing — PCI DSS version 4.0 released

The PCI Security Standards Council published PCI DSS v4.0 on 31 March 2022, expanding requirements for authentication, e-commerce, and risk-based testing with transition timelines into 2025.

[Figure: single-point timeline showing the publication date, sized by credibility score.]

The PCI SSC released PCI DSS 4.0 on 31 March 2022, updating controls for multi-factor authentication, e-commerce scripts, customized approaches, and targeted risk analyses. Organizations must adopt the standard by March 2025, with several new requirements (such as automated log reviews and stricter encryption) becoming effective after March 2025.

Merchants, service providers, and engineering teams should map gaps from version 3.2.1 to 4.0, prioritize MFA coverage and payment page integrity monitoring, and plan evidence for customized controls and assessor expectations during the transition period.
