PCI DSS 4.0 replaces PCI DSS 3.2.1, which was released by PCI SSC in 2018. The current version of the standard aims to address emerging threats and technologies affecting customer payment information, and to allow innovative techniques for combating new threats. PCI DSS 4.0 was developed based on comments from more than 200 participants in the global payments industry and is published as a 360-page document.
A separate document summarizes the modifications. The changes highlighted by PCI SSC include the implementation of multi-factor authentication (MFA) for all access to cardholder data environments and the replacement of the term “firewalls” with “network security controls” to support a broader range of security technologies. They also include increased flexibility for organizations to demonstrate how they are using different methods to achieve security objectives. Many of the new standards are connected to targeted risk analysis.