Skip to content
PCI v4 is officially in effect, but what comes next?

PCI 4 Timeline: 2025 Future-Dated Requirements

The wait is over; PCI 4 is officially here. As of March 31st, 3.2.1 has been retired, and anyone undergoing certification or re-certification must meet the new PCI 4 requirement standards.

Frustration has been a common sentiment around the changes in PCI 4, including the timeline at which organizations are responsible for meeting them and the complexity of the updates.

Many teams have felt challenged by the timeline and changes to PCI and have needed help understanding the implementation timeline of PCI 4. One particular area that has been especially trying has been the future-dated requirements. With PCI 4 becoming standard, the countdown has begun for the future-dated requirements, but what does that mean?

PCI 4 has two categories of new requirements: requirements effective immediately for all PCI assessments after March 31, 2024, or best practices until March 31, 2025, after which they become mandatory. Almost every section of PCI 4 has at least one future-dated requirement. The full breakdown of these requirements and who the updates apply to can be found in the Summary of Changes from PCI DSS Version 3.2.1 to 4.0 document

Requirement 8 (or the section addressing identity security and multi-factor authentication) has 7 future-dated requirements that should not be overlooked. It is critical to remember that due to the complexity of the new MFA requirements, organizations cannot wait until the last minute to ensure their identity security systems and policies meet the latest standards.

Some of these future-dated requirements specific to identity security in contact centers are:

Read the blueprint to review how PCI 4 impacts MFA in BPO contact centers.

Artboard 5
Timeline based on a graph from PCI DSS v4.0 At-a-Glance, 2022 PCI SSC

For more information on PCI 4 and MFA, subscribe to the Twosense blog or ring the bell at the top right corner of Twosense LinkedIn to receive the latest compliance and identity security information.


Unlock Next-Gen Security with Twosense. Enjoy seamless identity security without the hassle of hardware tokens.

More from the Blog

June 12, 2024

PCI v4.0.1: What You Need To Know

The PCI Security Standards Council (PCI SSC) has published an update to the Payment Card Industry Data Security...
April 11, 2023

Understanding the PCI DSS v4.0 Timeline

In March 2022, the PCI Security Standards Council (PCI SSC) released version 4.0 of the PCI Data Security Standards...
June 15, 2022

If Audited Today, Would Your Security Measure Up To PCI DSS Requirements? 

Necessary Evil Maintaining cardholder data security is one of the top priorities in a call center environment. It is...

Subscribe Here

We will never share your email address with third parties.