The PCI Security Standards Council (PCI SSC) has published version 4.0 of the PCI Data Security Standard (PCI DSS). This version 4.0 replaces version 3.2.1, addresses emerging threats and technologies, and utilizes new methods in order to combat the new threats. 
The PCI Data Security Standard (PCI DSS) is the global standard that provides a baseline of technical and operational requirements designed to protect payment card account data. While PCI DSS was specifically designed for environments that handle payment card account data, it can also be used to protect other elements of the payment ecosystem against threats. 
Much has changed since version 3.2.1 was released in 2018: online transactions have grown, point-of-sale machines are used more widely, and cloud platforms are used extensively to store cardholder data. PCI DSS v4.0 allows retailers to take a customized implementation approach, meaning that retailers can modify implementation procedures and still meet the intent of a requirement. 
The 12 core PCI DSS requirements did not fundamentally change in PCI DSS v4.0. However, v4.0 focuses on PCI security objectives that guide how security controls should be implemented. Some of the changes in PCI DSS v4.0 include the following:
PCI DSS v4.0 now refers to what used to be known as “cardholder data” as account data, which consists of cardholder data and/or sensitive authentication data. Because account data is a more general term, this distinction will have broader implications for an organization. A recent article by Tripwire gave the example of data that has been stripped of the card number: it is no longer acceptable to store such data without the same protections as a full data set. This could increase the scope of PCI audits. 
With the payment industry gradually moving towards the cloud, it’s important that stronger authentication standards are enforced to safeguard cardholder data. Although this is not an exhaustive list, PCI DSS v4.0 considers these requirements:
With v4.0, PCI DSS compliance permits organizations to build their own authentication methods, as long as those methods meet data security regulatory requirements and can scale to fit the organization’s transaction objectives and risk environment. 
PCI DSS v4.0 has also added requirements to the existing list, including:
The transition to PCI DSS v4.0 will not take effect immediately. During the transition phase, PCI DSS v3.2.1 will remain active for the two years following the publication of v4.0. Organizations will have two years to familiarize themselves with the changes, update any reporting templates and forms, and plan for and implement the changes needed to meet the new requirements. The date by which everyone will need to have completed the transition is March 31, 2024.
Once the transition period is complete, PCI DSS v3.2.1 will be retired and PCI DSS v4.0 will be the only active version. Some requirements are designated with a future date to give organizations implementation time; until that future date is reached, those requirements will be considered best practices.
Threats are constantly changing and evolving, requiring new technology to be used to combat and proactively protect against them. The changes made to PCI DSS compliance are a step in the right direction to address the quickly changing threat landscape against payment card data by requiring better PCI security practices to be implemented.