The Payment Card Industry Data Security Standard (PCI DSS) v4.0, released in March 2022, is the global security standard that applies to all organisations that store, process, or transmit cardholder data (CHD) or sensitive authentication data — merchants, service providers, payment gateways, and acquiring banks worldwide. Developed and maintained by the PCI Security Standards Council (PCI SSC) — founded by Visa, Mastercard, American Express, Discover, and JCB — PCI DSS v4.0 introduces significant changes including customised implementation (flexible approach), enhanced multi-factor authentication requirements, and a new targeted risk analysis methodology.
In India, PCI DSS compliance is mandated by RBI guidelines for payment aggregators and gateways (PA/PG Master Directions 2020) and by Visa/Mastercard network rules, and it is a commercial requirement for any firm processing international card payments. The transition deadline to PCI DSS v4.0 was 31 March 2024 — PCI DSS v3.2.1 is retired. Non-compliant service providers face card brand fines, increased transaction fees, and ultimately loss of the ability to process card payments.