Complying with PCI DSS requirements by 2025

PCI DSS Version 4.0.1, effective April this year, has introduced crucial changes for organizations, particularly encryption and multi-factor authentication (MFA), to fit the digital age. The update has 64 requirements, with 51 becoming mandatory on 1 April 2025. Entities must understand the significant new rules such as automated audit log reviews and address web-based skimming. Entities should also consider conducting a gap analysis and, for some, outsourcing non-core processes to specialized service providers.