On September 19, 2025, Cloud4Y successfully passed its scheduled audit and was certified for the PCI DSS 4.0.1 standard. The audit was conducted by the independent QSA company, Compliance Control Ltd. The certificate is valid until September 18, 2026.
The PCI DSS 4.0.1 version was published in June 2024 and has since become the current, most relevant standard. By the end of 2024, it fully replaced version 4.0. While this release does not introduce new requirements, it provides over 50 clarifications. Here are the most significant updates:
- Enhanced Precision: Requirements are now more precise, assessing both the infrastructure itself and the level of protection for cardholder data.
- Protection for Unauthorized Channels: New rules address situations where payment data accidentally enters unauthorized channels—such as chat, email, or website forms. These channels must now either be included in the audit scope or be securely protected against leaks.
- Expanded Web Security: Mandatory integrity controls for scripts now also apply to pages with iframe-based payment forms. Furthermore, companies must maintain an inventory of all scripts with a justification for their use.
- Clarified Shared Responsibility: The conditions for distributing responsibility between the client and the provider (TPSP) have been further clarified, which is especially critical for cloud and IaaS services.
For Cloud4Y clients, this certification is a key advantage: our platform is fully prepared to meet the requirements of Visa, Mastercard, MIR, and other payment systems. PCI DSS-compliant hosting from Cloud4Y helps you launch projects faster, reduces costs, and simplifies audits. If your business involves handling payment data, Cloud4Y's PCI DSS hosting provides a reliable foundation.
Security is not just a checkbox in a report; it's a tangible business advantage. Cloud4Y reaffirms this commitment every year.