Payment Card Industry Data Security Standard.
PCI-DSS v4.0 is the global security standard for organizations that handle payment card data. It requires 300+ security controls across 12 requirement categories, covering everything from network segmentation and encryption to access control and vulnerability management. Version 4.0 introduces risk-based customized approaches and enhanced authentication requirements.
Maximum penalty
Up to $500K per incident (card brand penalties)
Source: Card brand agreements
Key requirements
Install and maintain network security controls
Apply secure configurations to all system components
Protect stored account data with encryption
Protect cardholder data with strong cryptography during transmission
+4 more requirements in the complete guide.
Enforcement examples
British Airways ($230M, 2020): Payment card data breach affecting 500K customers (reduced from initial £183M GDPR fine)
Heartland Payment Systems ($145M, 2009): SQL injection breach exposing 130M card numbers
How Tessera automates PCI-DSS v4.0 compliance
Continuous PCI-DSS v4.0 control monitoring across 300+ requirements
Automated evidence collection for QSA assessments
Cardholder data environment (CDE) scope validation
Encryption and key management compliance tracking
Vulnerability scan scheduling and remediation tracking
PCI-DSS v4.0 compliance checklist
Essential steps to achieve and maintain PCI-DSS v4.0 compliance.
Define and validate cardholder data environment scope
Implement network segmentation and firewall rules
Encrypt stored cardholder data (AES-256 or equivalent)
+4 more steps in the full checklist.