How ready are you for a PCI DSS v4.0.1 assessment?
If you take card payments, a bank, processor, or customer will eventually ask you to prove PCI DSS compliance. Answer six questions about how you handle cardholder data and get an honest readiness tier, plus the moves that cut your scope and your effort the fastest.
PCI DSS readiness assessment
What is PCI DSS?
PCI DSS is the Payment Card Industry Data Security Standard, 12 requirements maintained by the PCI Security Standards Council to protect card data. Any business that stores, processes, or transmits cardholder data has to meet it. The current version is v4.0.1, published 11 June 2024.
Who has to comply with PCI DSS?
Any organisation that handles payment card data, from a one-person shop to a large processor. Your merchant level follows annual transaction volume (Level 1 is over 6 million; Levels 2 to 4 are smaller bands), and your SAQ type follows how you accept cards. Both decide how much you have to prove.
What changed in PCI DSS v4.0?
Version 4.0 kept the same 12 requirements but raised the bar. MFA now applies to all CDE access. It adds payment-page script controls, anti-phishing measures, and stronger passwords, plus the customised approach. Most future-dated items became mandatory on 31 March 2025.