Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

PCI DSS v4.0

PCI DSS · Financial · Global · v4.0

PaymentsCardholder DataMerchant

Overview

PCI DSS v4.0 defines security requirements for organizations that store, process, or transmit cardholder data.

14 controls available in ComplAI for this framework.

Who it's for

  • Merchants and payment service providers
  • Fintech platforms in the card data environment
  • Teams preparing for SAQ or ROC assessments

Why it matters

Card brands and acquirers require PCI compliance. Continuous control tracking reduces assessment friction and scope creep risk.

Cardholder data environment scopeNetwork and access securityVulnerability and logging controlsPolicies and evidence for assessors

How ComplAI helps

  • Activate PCI DSS in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • Req 1

    Network security controls

    network security
  • Req 2

    Secure configurations

    change management
  • Req 3

    Protect stored account data

    cryptography
  • Req 4

    Protect data in transit

    cryptography
  • Req 5

    Protect against malware

    vulnerability management
  • Req 6

    Secure systems and software

    change management

Getting started

  1. Open Framework Library and activate PCI DSS
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps