Overview

As the Payment Card Industry–Data Security Requirements (PCI-DSS) marks its 20th anniversary, the areas of accountability are expanding beyond card payment data to encompass a holistic view of merchants’ data security ecosystems across all commerce channels. Although the scope of PCI-DSS is not increasing, per se, as it relates to the security requirements for payment data, merchants must attest to having compliant security processing places across the enterprise. For the first time, merchants can construct their compliance checklists that address the risks in their businesses rather than using a template provided by the PCI standards.

Key questions discussed in this report: 

  • What is likely to be the impact of PCI 4.0 for merchants?
  • How should merchants prepare for PCI 4.0?
  • What is changing with PCI 4.0 that is more significant than previous changes?

Companies Mentioned: 

American Express, Discover, JCB, Mastercard, PCI Security Standards Council, LLC, Verizon Business, Visa

Book a Meeting with the Author

Related content

December 10, 2025
Merchants Should Planogram Payments

Enterprise merchants have increasingly adopted payment orchestration strategies to drive new payment types, increase payment success rates, and optimize platform performance. Howev...

November 06, 2025
2026 Merchant Payments Trends

As payment technology advances and offers greater options and flexibility for consumers, merchants are put in the position of prioritizing how to manage payment acceptance, what pl...

September 26, 2025
Visa’s Commercial Enhanced Data Program: What You and Your Merchants Need to Know

Level II and III data have long been a source of price relief for merchants that accept corporate, commercial, and purchasing cards. However, much of that price relief has been off...

Make informed decisions in a digital financial world

Let's Connect