When customers shop online, they’re not just buying your product; they’re buying trust. At your checkout, they are sharing personal payment details, and if they don’t feel completely secure, they are much less likely to complete the purchase.
That’s why PCI DSS 4.0 matters. Released in 2022 (with a 2024 update), with its new requirements becoming mandatory on 31 March 2025, this standard is the global rulebook for protecting cardholder data. For online platforms, retailers, and service providers, compliance isn’t just an audit item; it’s a foundation for building a trustworthy brand and ensuring ecommerce security.
Why this matters for Australian online sales
Card-not-present (CNP) fraud represents the most significant threat to digital commerce in Australia.
- In 2024, card fraud rose to $913 million, according to AusPayNet’s 2025 Australian Payment Fraud Report.
- Almost 10% of Australians experienced card fraud in the past year, according to the Australian Bureau of Statistics.
This level of financial crime severely impacts consumer confidence, leading to cart abandonment and lost sales. PCI DSS 4.0 is specifically designed to restore confidence in how payments are handled by ensuring payment practices keep pace with modern digital threats.
Key changes driving better ecommerce security
The PCI DSS 4.0 standard introduces key shifts that directly impact how online businesses manage risk:
- Continuous compliance: The focus moves from annual, point-in-time check-ups to continuous monitoring, testing, and assessment. Security must now be integrated into the daily operational culture of the business, moving beyond simple yearly audits.
- Stronger authentication: PCI DSS 4.0 mandates Multi-Factor Authentication (MFA) and more rigorous password rules for all systems that handle sensitive card data, significantly enhancing login controls.
- Targeted threat prevention: New requirements aim to prevent and detect modern online threats like phishing, digital skimming attacks, and payment platform vulnerabilities.
In short: PCI DSS 4.0 is about making sure security keeps up with the pace of online business.
Understanding your compliance role
You don’t need to be a security expert, but you should know where your responsibility begins and ends. Consider these practical questions:
- How much data do you handle? The less card information you touch directly (for instance, by using tokenisation or a hosted payment page), the simpler your compliance burden becomes.
- What is your provider’s role? An integrated payment provider can assume the vast majority of the compliance effort, significantly reducing the administrative workload on your team.
- Can you demonstrate compliance? Effective ecommerce security requires proof, not just policies. This includes staff training records, access monitoring logs, and clear evidence that security practices are followed daily.
For small to mid-sized businesses (SMBs), reviewing these areas with your payments provider can often be completed quickly. For larger enterprises, these considerations should be formalised within governance and risk frameworks.
Introducing Eway, your partner for simplified compliance
Your payments partner is your greatest asset in achieving and maintaining compliance. When the payment process is correctly integrated, your direct security responsibilities are drastically reduced.
At Eway, achieving and maintaining PCI DSS compliance is central to our operation. Our security architecture is designed to protect businesses of every size, from small local sellers to major platforms. We also offer dedicated resources and support, such as the Merchant Trust Initiative, to help you manage your customers’ card details compliantly and enhance your overall ecommerce security.
For most business owners, the message is simple: selecting a compliant partner simplifies admin, minimises your risk exposure, and ensures your checkout keeps flowing smoothly to retain customers.
Key takeaways
- PCI DSS 4.0 is active now and requirements are mandatory from March 2025.
- Online fraud is rising: $913 million lost in 2024, mostly from CNP transactions.
- The new standard focuses on continuous compliance, stronger authentication, and shared responsibility.
- A trusted payments partner can make compliance simpler and give customers confidence at checkout.
When customers reach your checkout, do they feel confident enough to complete the payment? PCI DSS 4.0 is about making sure the answer is yes, for their peace of mind and yours. To secure your checkout and learn more about PCI DSS 4.0, chat to our team today.