Commerce Today

Episode 140: PCI DSS 4.0 After the Deadline: Keeping Your Store Secure

September 9th, 2025  |  16 mins 18 secs

compliance checklist, credit card processing, customer data protection, customized compliance approach, cybersecurity, data security, ecommerce compliance, ecommerce risk management, malware scanning, merchant requirements, multi-factor authentication, payment security, pci audit, pci dss 4.0, pci penalties, pci updates, scripted payment pages, security standards, self-assessment questionnaire, trust and security

In this episode, Joshua unpacks the critical updates in PCI DSS 4.0 and why e-commerce businesses can’t afford to overlook them. He explains the shift toward a more flexible and customized compliance model while also highlighting stricter requirements, including malware scanning on removable media and mandatory MFA for cardholder data access. Drawing from real-world merchant experiences, Joshua identifies common missteps like outdated self-assessments and undocumented payment scripts and offers a straightforward checklist to help businesses maintain compliance now that the grace period has ended. The episode underscores that payment security is more than a checkbox — it is foundational to customer trust and business continuity.