What has changed?
With the new PCI requirements, there are likely areas in your organization that have not yet been assessed against these new controls. The new controls with the biggest impact in PCI DSS v4 include:
- Detecting and protecting personnel from phishing attacks
- Managing scripts on payment pages
- Updated authentication requirements (password length, managing shared / group accounts)
- Stricter requirements for multi-factor authentication (MFA)
- Authenticated internal vulnerability scans
- Defining roles and responsibilities for each requirement
There may be additional compliance costs and a longer runway to determine how the new controls apply to your organization, and whether you are meeting them.
Challenges we see in Retail
Retail and hospitality have shifted business models to expand their ecommerce presence to support card-not-present transactions. Managing and securing payment pages – and all of their components – has become increasingly complex, especially to meet compliance controls.
Challenges we see in Healthcare
Implementing PCI DSS controls in call centers and other areas that collect payments by phone continues to be one of the biggest challenges for healthcare providers. Bringing user workstations, telephony infrastructure, and the associated processes into scope can be a daunting task, and it requires significant coordination and effort across teams to achieve compliance.
Challenges we see in Insurance
Managing complex, decentralized processes, including custom batch files and multiple banking relationships (sometimes international ones), can create an intricate web of PCI scope that is hard to untangle.
How can we help?
If you are new to PCI or have not considered the changes to v4, a readiness assessment can define your actual scope, identify potential gaps against the upcoming changes, and provide a path forward through remediation or scope reduction.
Future-dated controls in v4 take effect April 1, 2025, so there is still time to determine their impact and whether you are prepared to meet them. Our aim is to identify opportunities to reduce scope, reduce risk, and reduce compliance effort for your organization.
Reach out and connect with us to discuss your PCI scope and how SRA can help.
PCI Readiness and Strategy
Prepare for a PCI audit and identify the gaps an auditor would flag. Reduce the storage and handling of payment card data to lower annual costs and risk over time.
PCI QSA Audit
SRA’s certified QSAs will perform an audit of security controls against the latest version of the PCI DSS for the purposes of attaining PCI Certification.