{"id":755,"date":"2025-11-06T06:44:32","date_gmt":"2025-11-06T06:44:32","guid":{"rendered":"https:\/\/platforms.worldpay.com\/en\/?p=755"},"modified":"2025-11-06T06:44:33","modified_gmt":"2025-11-06T06:44:33","slug":"why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants","status":"publish","type":"post","link":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/","title":{"rendered":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0"},"content":{"rendered":"<section class=\"blog-contents-block py-12 lg:py-24\" x-data=\"blogContents('what-is-pci-dss', [&quot;what-is-pci-dss&quot;,&quot;pci-40-requirements-that-software-companies-should-be-aware-of&quot;,&quot;making-the-case-for-an-on-site-assessment-with-a-qsa&quot;,&quot;payment-set-ups-and-pci-40-requirements&quot;,&quot;pci-dss-40-is-active-now&quot;])\">\n    <div class=\"container relative\">\n        <div class=\"flex flex-wrap -mt-8 lg:-mx-4\">\n            <div class=\"order-1 w-full mt-8 lg:px-4 lg:flex-1 lg:order-0\">\n                <div class=\"acf-innerblocks-container\">\n\n<p>Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?&nbsp;<\/p>\n\n\n\n<p>Allow us to explain.&nbsp;<\/p>\n\n\n\n<p>When it comes to protecting payment card information from unauthorised use, exposure, and potential fraud, everyone involved in payments has an important role to play, software companies included.&nbsp;<\/p>\n\n\n\n<p>As a responsible software company that loves to provide your end users with technology that makes their day-to-day lives easier, you know how important the customer experience is. Therefore, it\u2019s important to consider your influence on the bigger payments ecosystem and prioritise meeting PCI 4.0 standards, so you can continue to make the lives of your customers easier and the process of moving money safer for all.&nbsp;<\/p>\n\n\n\n<p>Throughout this blog, we walk you through PCI, including important PCI 4.0 requirements and why you should consider getting an on-site assessment with a qualified security assessor (even if it\u2019s not technically required of you).<\/p>\n\n\n\n<h4 class=\"wp-block-heading mb-0\">Short on time? Here are key takeaways:<\/h4>\n\n\n\n<ul class=\"wp-block-list is-style-dash\">\n<li>PCI DSS is a security standards framework applicable to all businesses involved in payments and compliance is mandatory for any business that handles payment card data, including software companies.<\/li>\n\n\n\n<li>PCI DSS 4.0 guidelines were released in 2022 and introduced new requirements. PCI DSS 3.2.1 expired in March 2024.<\/li>\n\n\n\n<li>A software company\u2019s PCI compliance status directly impacts their customers\u2019 PCI 4.0 requirements.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading mb-0\" id=\"what-is-pci-dss\">What is PCI DSS?<\/h2>\n\n\n\n<p>Payment Card Industry Data Security Standard, or PCI DSS, was instated to protect payment data, serving as a framework of security standards applicable to businesses involved in payment processing. Complying with PCI DSS is mandatory for any business that handles payments data, including software companies and platforms that enable embedded or integrated payments to their software users.<\/p>\n\n\n\n<p>PCI DSS 4.0 guidelines were released in 2022 to give companies time to understand the new compliance requirements. Beginning in March 2024, PCI DSS 3.2.1 retired, and PCI DSS 4.0 assessments will only be accepted moving forward. Future-dated PCI DSS 4.0 requirements go into effect in 2025. For more details, check out this resource from the&nbsp;<a href=\"https:\/\/blog.pcisecuritystandards.org\/updated-pci-dss-v4.0-timeline\" target=\"_blank\" rel=\"noreferrer noopener\">PCI Security Standards Council<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading mb-0\" id=\"pci-40-requirements-that-software-companies-should-be-aware-of\">PCI 4.0 requirements that software companies should be aware of:&nbsp;&nbsp;\u202f&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list is-style-coral-tickbox\">\n<li>Software companies classified as Level 1 must submit an annual report on compliance (ROC) by a qualified security assessor (QSA) and a quarterly external network vulnerability scan report by an approved scanning vendor (ASV).&nbsp;&nbsp;<\/li>\n\n\n\n<li>Organisations classified as Level 2 must submit a self-assessment questionnaire (SAQ) D and a quarterly external network vulnerability scan report.&nbsp;&nbsp;<\/li>\n\n\n\n<li>These validation requirements are due annually and after any major system changes.\u202f&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Navigating PCI requirements and understanding your PCI level is complicated work and quite nuanced. The team is available and well-positioned to help you identify, scope, and understand your PCI requirements, as well as those of your merchants.<\/p>\n\n\n\n<h2 class=\"wp-block-heading mb-0\" id=\"making-the-case-for-an-on-site-assessment-with-a-qsa\">Making the case for an on-site assessment with a QSA<\/h2>\n\n\n\n<p>If you understand your PCI levelling, and find your organisation in the Level 2 category, Worldpay for Platforms strongly encourage software companies to engage a QSA to assist with correct scoping and completion of the SAQ D, especially if it is your first time through an assessment. This strategy allows you to understand your true scope and all the added requirements that are in SAQ D because of PCI 4.0, as it\u2019s possible that some may not apply to your setup.<\/p>\n\n\n<div class=\"quote-block first:mt-0 mt-5 mb-5\">\n    <svg class=\"w-[138px] min-w-[138px]\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 138 97\" fill=\"none\">\n        <g clip-path=\"url(#quote-clip-path)\">\n            <path fill=\"#A18CDE\"\n                d=\"m5.1 90.95 8.5-50.433c.756-4.345 2.644-7.745 5.667-10.2 3.022-2.645 6.894-3.967 11.616-3.967h12.184v64.6H5.1Zm51 0 8.5-50.433c.756-4.345 2.644-7.745 5.667-10.2 3.022-2.645 6.894-3.967 11.616-3.967h12.184v64.6H56.1Z\" \/>\n        <\/g>\n        <defs>\n            <clipPath id=\"quote-clip-path\">\n                <path fill=\"#fff\" d=\"M0 0h138v97H0z\" \/>\n            <\/clipPath>\n        <\/defs>\n    <\/svg>\n    <div class=\"acf-innerblocks-container\">\n\n<p class=\"has-2-xl-font-size\" style=\"font-style:italic;font-weight:400\">This approach also helps you understand your risks and attack vectors with your specific integration or setup to reduce scope and your risk profile further. By having a compliant assessment with a QSA you then become eligible to be included on the card buying list of compliant service providers. Worldpay or some other processor of yours would have to register you with the brands, but you have that coupled with the compliant on-site assessment and you can be added onto those lists, which can be a really powerful marketing tool when you\u2019re trying to secure new merchant business.<\/p>\n\n<\/div>\n            <div class=\"flex flex-wrap mt-8\">\n            <p class=\"!mt-0\">\n                                    Judy Hagerty\n                                            <span class=\"px-0.5\">|<\/span>\n                                                                        <span class=\"font-semibold\">Compliance Analyst II, Payment Data Security at Worldpay \u202f<\/span>\n                            <\/p>\n        <\/div>\n            <\/div>\n\n\n\n<h2 class=\"wp-block-heading mb-0\" id=\"payment-set-ups-and-pci-40-requirements\">Payment set-ups and PCI 4.0 requirements<\/h2>\n\n\n\n<p>Below we explain common payment set-ups through the lens of a Payrix Pro partner:&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list is-style-dash\">\n<li><strong>Scenario 1:<\/strong>&nbsp;Utilising Payrix Pro or a Payrix API, to store, process, or transmit account data on the merchant\u2019s behalf.<\/li>\n\n\n\n<li><strong>Scenario 2:<\/strong>&nbsp;Having access to and\/or storing, processing, transmitting payment data can impact the security of the merchant cardholder data environment or CDE.<\/li>\n\n\n\n<li><strong>Scenario 3:<\/strong>&nbsp;Managing in-scope systems on a merchant\u2019s behalf.<\/li>\n<\/ul>\n\n\n\n<p>Software companies that store, process, and\/or transmit or have the ability to impact account data must be PCI DSS compliant and undergo annual assessment to validate applicable PCI DSS requirements are in place. All other SaaS providers may undergo annual assessments to validate applicable PCI DSS requirements are in place or participate in each merchants\u2019 PCI DSS assessment.<\/p>\n\n\n\n<p>Also, your compliance status as a software company may directly impact the applicability of PCI DSS requirements involved in your customers\u2019 PCI assessments. For example, if the merchant SAQ A includes an ASV scan or not.<\/p>\n\n\n\n<p>There are many reasons to prioritise PCI compliance, but you could argue that prioritisation demonstrates your unwavering commitment to your customers, and that may be motivation enough for you to act now. If you walk away from this blog with anything, let it be this. Your PCI compliance validation status simplifies the PCI workload for merchants and provides a better and safer experience for everyone.<\/p>\n\n\n\n<p>We know how complex PCI compliance is, and particularly now with the new PCI 4.0 requirements, which is why the team is here to support you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading mb-0\" id=\"pci-dss-40-is-active-now\">PCI DSS 4.0 is active now<\/h2>\n\n\n\n<p>When it comes to the new PCI 4.0 requirements and controls, your merchant customers depend on you. Help them navigate the process as efficiently as possible by becoming a PCI compliant with a partner you can trust.. <\/p>\n\n\n\n<p>To learn more about how you as a software company can prepare for PCI DSS 4.0, check\u00a0<a href=\"https:\/\/platforms.worldpay.com\/blog\/how-to-prepare-for-the-new-pci-dss-4-0-requirements\" target=\"_blank\" rel=\"noreferrer noopener\">out our<\/a><a href=\"https:\/\/platforms.worldpay.com\/en\/blog\/how-to-prepare-for-the-new-pci-dss-4-0-requirements\" target=\"_blank\" rel=\"noreferrer noopener\"> <\/a><a href=\"https:\/\/platforms.worldpay.com\/blog\/how-to-prepare-for-the-new-pci-dss-4-0-requirements\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a><\/p>\n\n<\/div>\n            <\/div>\n            <div class=\"w-full mt-8 lg:px-4 lg:max-w-96 lg:order-1\">\n                <div class=\"w-full lg:sticky lg:top-36\">\n                                                                <div class=\"w-full p-6 bg-purple-200 rounded-lg\">\n                            <p class=\"font-bold text-[17px] mb-3 lg:text-[25px]\">\n                                Table of Contents\n                            <\/p>\n                            <div class=\"blog-contents-container\">\n                                                                    <a class=\"relative flex w-full py-4 !no-underline\" href=\"#what-is-pci-dss\"\n                                        x-on:click.prevent=\"changeTab('what-is-pci-dss')\">\n                                        <span\n                                            class=\"mr-4\">01\n                                        <\/span>\n                                        What is PCI DSS?\n                                        <span\n                                            class=\"absolute bottom-0 transition-all duration-300 left-0 w-full h-[1px] bg-grey\"\n                                            :class=\"tab === 'what-is-pci-dss' ?\n                                                'bg-purple h-[3px]' :\n                                                'bg-grey'\">\n                                        <\/span>\n                                    <\/a>\n                                                                    <a class=\"relative flex w-full py-4 !no-underline\" href=\"#pci-40-requirements-that-software-companies-should-be-aware-of\"\n                                        x-on:click.prevent=\"changeTab('pci-40-requirements-that-software-companies-should-be-aware-of')\">\n                                        <span\n                                            class=\"mr-4\">02\n                                        <\/span>\n                                        PCI 4.0 requirements that software companies should be aware of:\u00a0\u00a0\u202f\u00a0\n                                        <span\n                                            class=\"absolute bottom-0 transition-all duration-300 left-0 w-full h-[1px] bg-grey\"\n                                            :class=\"tab === 'pci-40-requirements-that-software-companies-should-be-aware-of' ?\n                                                'bg-purple h-[3px]' :\n                                                'bg-grey'\">\n                                        <\/span>\n                                    <\/a>\n                                                                    <a class=\"relative flex w-full py-4 !no-underline\" href=\"#making-the-case-for-an-on-site-assessment-with-a-qsa\"\n                                        x-on:click.prevent=\"changeTab('making-the-case-for-an-on-site-assessment-with-a-qsa')\">\n                                        <span\n                                            class=\"mr-4\">03\n                                        <\/span>\n                                        Making the case for an on-site assessment with a QSA\n                                        <span\n                                            class=\"absolute bottom-0 transition-all duration-300 left-0 w-full h-[1px] bg-grey\"\n                                            :class=\"tab === 'making-the-case-for-an-on-site-assessment-with-a-qsa' ?\n                                                'bg-purple h-[3px]' :\n                                                'bg-grey'\">\n                                        <\/span>\n                                    <\/a>\n                                                                    <a class=\"relative flex w-full py-4 !no-underline\" href=\"#payment-set-ups-and-pci-40-requirements\"\n                                        x-on:click.prevent=\"changeTab('payment-set-ups-and-pci-40-requirements')\">\n                                        <span\n                                            class=\"mr-4\">04\n                                        <\/span>\n                                        Payment set-ups and PCI 4.0 requirements\n                                        <span\n                                            class=\"absolute bottom-0 transition-all duration-300 left-0 w-full h-[1px] bg-grey\"\n                                            :class=\"tab === 'payment-set-ups-and-pci-40-requirements' ?\n                                                'bg-purple h-[3px]' :\n                                                'bg-grey'\">\n                                        <\/span>\n                                    <\/a>\n                                                                    <a class=\"relative flex w-full py-4 !no-underline\" href=\"#pci-dss-40-is-active-now\"\n                                        x-on:click.prevent=\"changeTab('pci-dss-40-is-active-now')\">\n                                        <span\n                                            class=\"mr-4\">05\n                                        <\/span>\n                                        PCI DSS 4.0 is active now\n                                        <span\n                                            class=\"absolute bottom-0 transition-all duration-300 left-0 w-full h-[1px] bg-grey\"\n                                            :class=\"tab === 'pci-dss-40-is-active-now' ?\n                                                'bg-purple h-[3px]' :\n                                                'bg-grey'\">\n                                        <\/span>\n                                    <\/a>\n                                                            <\/div>\n                        <\/div>\n                                        <div class=\"flex flex-wrap items-center w-full gap-2 p-6\">\n                        <p class=\"!mb-0\">Share:<\/p>\n                        <div class=\"flex items-center gap-y-2 gap-x-4\">\n                            <a href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/\">\n                                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"35\" height=\"35\" fill=\"none\">\n                                    <rect width=\"33.471\" height=\"33.471\" x=\".389\" y=\".951\" stroke=\"#1B1B6F\"\n                                        stroke-width=\".778\" rx=\"16.735\" \/>\n                                    <path fill=\"#1B1B6F\"\n                                        d=\"M17.806 15.493v-1.5c0-.677.156-1.02 1.25-1.02h1.372v-2.52h-2.29c-2.806 0-3.732 1.236-3.732 3.359v1.681h-1.844v2.52h1.844v7.562h3.4v-7.561h2.311l.311-2.52h-2.622Z\" \/>\n                                <\/svg>\n                            <\/a>\n                            <a href=\"https:\/\/twitter.com\/share?url=https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/\">\n                                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"36\" height=\"36\" fill=\"none\">\n                                    <rect width=\"34.084\" height=\"34.084\" x=\".646\" y=\".958\" stroke=\"#1B1B6F\"\n                                        stroke-width=\".793\" rx=\"17.042\" \/>\n                                    <g clip-path=\"url(#twitter-share)\">\n                                        <path fill=\"#1B1B6F\"\n                                            d=\"M22.517 10.147h2.626l-5.736 6.574 6.749 8.946h-5.284l-4.139-5.427-4.736 5.427H9.369l6.136-7.032-6.474-8.488h5.42l3.74 4.959 4.326-4.959Zm-.92 13.944h1.455l-9.394-12.45h-1.56l9.498 12.45Z\" \/>\n                                    <\/g>\n                                    <defs>\n                                        <clipPath id=\"twitter-share\">\n                                            <path fill=\"#fff\" d=\"M9.031 9.345h17.125V26.47H9.031z\" \/>\n                                        <\/clipPath>\n                                    <\/defs>\n                                <\/svg>\n                            <\/a>\n                            <a href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&url=https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/\">\n                                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"35\" height=\"35\" fill=\"none\">\n                                    <rect width=\"33.471\" height=\"33.471\" x=\".514\" y=\".951\" stroke=\"#1B1B6F\"\n                                        stroke-width=\".778\" rx=\"16.735\" \/>\n                                    <path fill=\"#1B1B6F\"\n                                        d=\"M12.952 26.249H9.737V14.324h3.215v11.925Zm-1.607-13.3c-1.036 0-1.876-.857-1.876-1.912 0-1.056.84-1.913 1.876-1.913 1.035 0 1.875.857 1.875 1.912 0 1.056-.839 1.913-1.875 1.913Zm14.47 13.3H22.6v-6.075c0-3.652-4.287-3.375-4.287 0v6.075h-3.216V14.324h3.216v1.913c1.496-2.803 7.503-3.01 7.503 2.684v7.328Z\" \/>\n                                <\/svg>\n                            <\/a>\n                        <\/div>\n                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<div class=\"wp-block-custom-container bg-transparent mt-12 mb-0 pt-12 pb-24\" style=\"background-image:url(\/wp-content\/uploads\/2025\/01\/cards-bg2.png);background-size:cover\"><div class=\"container\">\n<h2 class=\"wp-block-heading mb-0\">Explore more blogs<\/h2>\n\n\n<div class=\"related-blogs-block -mx-4 first:mt-0 mt-10\" id=\"related-blogs-block_d7b6c5928a379c2e4720f641b8be9539\">\n        <div class=\"swiper related-blogs-swiper\">\n            <div class=\"swiper-wrapper\">\n                                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            Blog post<\/p>\n                <h5>The in\u2011person payments opportunity: How card\u2011present payments boost SaaS revenue<\/h5>\n            <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/blog\/the-in-person-payments-opportunity\/\">Read now<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            Blog post<\/p>\n                <h5>Integrated vs. embedded payments: The strategic decision for vertical SaaS<\/h5>\n                <div class=\"mt-4\">\n            <p class=\"text-base leading-tight line-clamp-3\">Integrated and embedded payments may sound similar, but they differ significantly in ownership, monetisation, and impact on vertical SaaS growth.<\/p>\n        <\/div>\n        <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/blog\/integrated-vs-embedded-payments\/\">Read now<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            case-study<\/p>\n                <h5>Powering seamless fitness experiences with embedded payments at Xoda<\/h5>\n                <div class=\"mt-4\">\n            <p class=\"text-base leading-tight line-clamp-3\">How Worldpay for Platforms is supporting Xoda in transforming the way fitness businesses engage, charge, and grow<\/p>\n        <\/div>\n        <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/customers\/xoda\/\">Learn more<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            video<\/p>\n                <h5>Growth Journey for Platform Partners<\/h5>\n            <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/resources\/videos\/growth-journey-for-platform-partners\/\">Watch now<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            video<\/p>\n                <h5>Revenue Opportunity for Partners<\/h5>\n            <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/resources\/videos\/revenue-opportunity-for-partners\/\">Watch now<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                                                        <div class=\"flex h-auto px-4 mt-5 swiper-slide\" >\n                        <div class=\"flex flex-col justify-start flex-1 w-full h-full p-8 bg-white shadow-xl rounded-xl 2xl:p-12\">\n            <p class=\"text-base font-light text-black uppercase\">\n            video<\/p>\n                <h5>How is Worldpay for Platforms owning it for their customers<\/h5>\n            <div class=\"mt-auto\">\n        <a class=\"mt-10 btn btn-blue-outline !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/resources\/videos\/how-is-worldpay-for-platforms-owning-it-for-their-customers\/\">Watch now<\/a>\n    <\/div>\n<\/div>\n                    <\/div>\n                            <\/div>\n            <div class=\"flex flex-wrap items-end justify-between w-full px-4 mt-10 md:flex-nowrap\">\n                <div class=\"relative px-0 mb-4 md:mb-0 lg:pr-10\">\n                    <div class=\"swiper-pagination related-blogs-pagination swiper-pagination-blue\">\n                    <\/div>\n                <\/div>\n                                    <div class=\"flex justify-center w-full lg:justify-end md:w-auto\">\n                        <a class=\"btn btn-blue !no-underline\" href=\"https:\/\/platforms.worldpay.com\/en\/resources\/\">View all resources<\/a>\n                    <\/div>\n                            <\/div>\n        <\/div>\n    <\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[8],"tags":[],"topic":[],"class_list":["post-755","post","type-post","status-publish","format-standard","hentry","category-blog-post"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.7 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0 | Worldpay for Platforms<\/title>\n<meta name=\"description\" content=\"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0\" \/>\n<meta property=\"og:description\" content=\"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/\" \/>\n<meta property=\"og:site_name\" content=\"Worldpay for Platforms\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-06T06:44:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-06T06:44:33+00:00\" \/>\n<meta name=\"author\" content=\"kevin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"kevin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/\"},\"author\":{\"name\":\"kevin\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/#\\\/schema\\\/person\\\/7636f0a1b017597e0d65749366846102\"},\"headline\":\"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0\",\"datePublished\":\"2025-11-06T06:44:32+00:00\",\"dateModified\":\"2025-11-06T06:44:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/\"},\"wordCount\":986,\"commentCount\":0,\"articleSection\":[\"Blog post\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/\",\"url\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/\",\"name\":\"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0 | Worldpay for Platforms\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/#website\"},\"datePublished\":\"2025-11-06T06:44:32+00:00\",\"dateModified\":\"2025-11-06T06:44:33+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/#\\\/schema\\\/person\\\/7636f0a1b017597e0d65749366846102\"},\"description\":\"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/\",\"name\":\"Worldpay for Platforms\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/#\\\/schema\\\/person\\\/7636f0a1b017597e0d65749366846102\",\"name\":\"kevin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g\",\"caption\":\"kevin\"},\"url\":\"https:\\\/\\\/platforms.worldpay.com\\\/en\\\/blog\\\/author\\\/kevin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0 | Worldpay for Platforms","description":"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/","og_locale":"en_US","og_type":"article","og_title":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0","og_description":"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0","og_url":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/","og_site_name":"Worldpay for Platforms","article_published_time":"2025-11-06T06:44:32+00:00","article_modified_time":"2025-11-06T06:44:33+00:00","author":"kevin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"kevin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/#article","isPartOf":{"@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/"},"author":{"name":"kevin","@id":"https:\/\/platforms.worldpay.com\/en\/#\/schema\/person\/7636f0a1b017597e0d65749366846102"},"headline":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0","datePublished":"2025-11-06T06:44:32+00:00","dateModified":"2025-11-06T06:44:33+00:00","mainEntityOfPage":{"@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/"},"wordCount":986,"commentCount":0,"articleSection":["Blog post"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/","url":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/","name":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0 | Worldpay for Platforms","isPartOf":{"@id":"https:\/\/platforms.worldpay.com\/en\/#website"},"datePublished":"2025-11-06T06:44:32+00:00","dateModified":"2025-11-06T06:44:33+00:00","author":{"@id":"https:\/\/platforms.worldpay.com\/en\/#\/schema\/person\/7636f0a1b017597e0d65749366846102"},"description":"Did you know that your PCI compliance status can influence the PCI 4.0 controls and requirements that need to be met by your customers?\u00a0","breadcrumb":{"@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/platforms.worldpay.com\/en\/blog\/why-saas-companies-need-to-prioritise-pci-4-0-compliance-and-the-impacts-to-merchants\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/platforms.worldpay.com\/en\/"},{"@type":"ListItem","position":2,"name":"Why SaaS companies need to prioritise PCI 4.0 compliance (and the impacts to merchants)\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/platforms.worldpay.com\/en\/#website","url":"https:\/\/platforms.worldpay.com\/en\/","name":"Worldpay for Platforms","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/platforms.worldpay.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/platforms.worldpay.com\/en\/#\/schema\/person\/7636f0a1b017597e0d65749366846102","name":"kevin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/326e391625336843cc54dbf2a03828e2c014bab05a2b5953c45ec43cd2999b93?s=96&d=mm&r=g","caption":"kevin"},"url":"https:\/\/platforms.worldpay.com\/en\/blog\/author\/kevin\/"}]}},"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"kevin","author_link":"https:\/\/platforms.worldpay.com\/en\/blog\/author\/kevin\/"},"_links":{"self":[{"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/posts\/755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/comments?post=755"}],"version-history":[{"count":0,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/posts\/755\/revisions"}],"wp:attachment":[{"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/media?parent=755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/categories?post=755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/tags?post=755"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/platforms.worldpay.com\/en\/wp-json\/wp\/v2\/topic?post=755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}