DSALTA supports both PCI DSS 3.2.1 and PCI DSS 4.0.1. Version 4.0.1 is the current standard, with version 3.2.1 being phased out.
Who needs PCI DSS?
Payment processors
Any organization that accepts, processes, stores, or transmits credit card information.
E-commerce & SaaS
Online businesses, subscription platforms, and any software that touches payment data directly or through third-party integrations.
12 PCI DSS requirements
| # | Requirement |
|---|---|
| 1 | Install and maintain network security controls |
| 2 | Apply secure configurations to all system components |
| 3 | Protect stored account data |
| 4 | Protect cardholder data with strong cryptography during transmission |
| 5 | Protect all systems and networks from malicious software |
| 6 | Develop and maintain secure systems and software |
| 7 | Restrict access to system components by business need-to-know |
| 8 | Identify users and authenticate access to system components |
| 9 | Restrict physical access to cardholder data |
| 10 | Log and monitor all access to system components and cardholder data |
| 11 | Test security of systems and networks regularly |
| 12 | Support information security with organizational policies and programs |
PCI DSS 3.2.1 vs 4.0.1
| | v3.2.1 | v4.0.1 |
|---|---|---|
| Status | Legacy — being retired | Current standard |
| Approach | Prescriptive requirements | Customized approach option added |
| Key changes | — | Enhanced authentication (MFA everywhere), targeted risk analysis, stronger encryption requirements |
How DSALTA helps
- Controls mapped to all 12 PCI DSS requirements
- Automated evidence collection for network and access controls
- Policy templates for PCI-required documentation
- Vendor risk management for payment service providers
- Dual version support — manage both 3.2.1 and 4.0.1 simultaneously during transition
Frequently asked questions
Which PCI DSS version should I use?
Use PCI DSS 4.0.1 for new implementations. If you are currently on 3.2.1, plan your transition as the older version is being phased out.
Do I need PCI DSS if I use Stripe/PayPal?
Using a third-party payment processor reduces your scope but does not eliminate PCI DSS requirements entirely. You still need to complete a Self-Assessment Questionnaire (SAQ).
What are the PCI DSS compliance levels?
Levels 1–4 are based on annual transaction volume. Level 1 (over 6 million transactions) requires an on-site audit. Levels 2–4 can use self-assessment questionnaires.