Skip to main content


Please use the search tool or category filters below to refine the list of FAQs
Filter by category

Previous versions of the PCI DSS were very specific in that they require the use of compensating controls where the 12 PCI DSS requirements could not be met. The latest version allows for more flexibility, around adopting new technologies or security solutions to achieve compliance in place of compensating controls.


Essentially, the 12 core requirements of the PCI DSS haven’t changed, rather they have evolved to take into account advancements in security technology, risk mitigation techniques, and evolving threats. The changes strengthen security control requirements while at the same time adding flexibility to achieve compliance. This can be broken down into four key areas:

  1. Continue to meet the security needs of the payments industry.
  2. Promote security as a continuous process.
  3. Increase flexibility for organisations using different methods to achieve security objectives.
  4. Enhance validation methods and procedures.

PCI DSS v4.0 is the latest version of the Payment Card Industry Data Security Standard and was released on 31st March 2022.


We follow a structured project delivery process that we’ve designed using PRinCE2 and PRinCE2 Agile methodology and then moulded from our own experience. We use ‘collaborative working’ project management tools where we can, and we’re happy for our PMs to use your own project management software if you prefer.


Our Agent Assist solution is very easy to understand from a user perspective. When the point of payment is reached in the call, the agent secures the line. PCI Pal’s secure cloud then captures all sensitive credit card details as it’s either spoken or entered via their telephone keypad without the agent hearing or seeing it, and it’s instantaneously sent to the payment provider for processing. Crucially, the voice path between the customer and agent remains open nearly all the time while this happens, so they can communicate should there be a problem. Watch the short video on our Agent Assist solution page to find out more.


PCI DSS v3.2.1 will remain active until 31st March 2024. This provides organisations time to become familiar with the new version, and plan for and implement the changes needed. Our PCI DSS v4.0 timeline provides a useful guide on key milestones you need to be aware of.


The core controls of previous versions were not designed for present-day IT environments. v4.0 introduces updated sets of requirements and approaches to securing cloud and serverless workloads. For example, requirement 1 used to be ‘build and maintain a secure firewall’. To incorporate cloud solutions, this is now ‘Build and Maintain a Secure Network and Systems’.


Yes, we offer a dashboard overview for all customer call traffic and transactions. View our reporting capability overview here.

Can’t find the answers you’re looking for?

Get in touch with us today and we’ll be happy to answer any questions you have.

Chat with us