Free PCI DSS 4.0 checklist

The 2026 PCI DSS compliance checklist

PCI DSS 4.0 has been mandatory since March 2025. If your business takes card payments by phone, pay-by-link or web — or you run a UK contact centre that handles card data — this checklist helps you work out exactly what's required and where your gaps are likely to be.


Why PCI DSS 4.0 matters right now

The deadline has passed

PCI DSS 4.0 became the only valid version of the standard in March 2025. If you're still working to an older framework, you're already out of step — and your next QSA assessment will reflect that.

Phone payments are firmly in scope

Card data captured over the phone has always been in scope for PCI DSS, but 4.0 tightens the rules around how you protect it during a call. DTMF masking, agent-assisted capture and pay-by-link each carry their own requirements.

The SAQ route isn't automatic

Many businesses assume they qualify for a simple Self-Assessment Questionnaire. Whether you do — and which one — depends on how your cardholder data environment is structured. Getting it wrong means your compliance status may not hold up under scrutiny.

What's inside

Actionable checks structured so you can work through them with your compliance lead, IT team or QSA — not just read once and file away.

A step-by-step PCI DSS 4.0 roadmap from initial scoping through to sign-off
How to map cardholder data flow across phone, web and pay-by-link channels
The criteria for qualifying as SAQ A — and what disqualifies you
Practical steps to reduce your PCI scope before your next QSA assessment
What changed from PCI DSS 3.2.1 and where the new requirements bite hardest
A ready-to-use checklist you can hand directly to your QSA or internal audit team

Prefer to talk it through?

If you'd rather walk through your compliance position with someone who knows the standard, book a call with our team. We work with UK contact centres and businesses taking phone payments every day.

PCI DSS Level 1
Cyber Essentials Plus

Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia