As of March 31st, 2025, PCI DSS v4.0 is now officially in force. If your customers accept card payments online—whether they’re retailers, ecommerce brands, or service providers—they’re now operating under the new standard. 

And from what we’re seeing in the channel, there’s a lot of uncertainty out there. 

Many organisations either don’t realise they’re in scope or don’t fully understand what’s changed. This is your opportunity to step in, add value, and guide your customers through it. 

At Climb, we’re here to help you do just that. 

What’s Changed in PCI DSS v4.0? 

Quite a lot. The updated standard takes a more forensic look at where and how card data is processed. 

Key areas of focus include: 

  • Protection against malware and vulnerabilities. 
  • Much tighter scrutiny on scripts running on payment pages. 
  • More detailed requirements across a broader set of technical and operational controls. 
  • Greater emphasis on continuous monitoring and demonstrable control over your environment. 

This matters because many of your customers may not realise just how many payment points they have or how exposed they might be through tools they’ve trusted for years. 

Highlighting Hidden Risks 

The truth is, many organisations don’t know how many payment pages they even have. Over time, teams spin up new sites, add campaign-specific checkouts, or integrate third-party plugins without fully tracking what’s live. Each one of those pages becomes a potential breach point. 

The rise of analytics tools embedded on those pages is even more concerning. 

These tools promise insight: who your customers are, what they buy, how they behave. But some of them are gathering far more data than they should, sometimes packaging and reselling it to other parties. That means data is being exfiltrated without your customers’ knowledge, and that is a PCI DSS issue.  

Your customers need help understanding: 

  • What they’ve got running on their pages 
  • Whether they’re truly in control of the data flow 
  • How to close the gaps 

Where Does That Leave You (and Your Customers)? 

If your customers aren’t 100% sure: 

  • How many active payment pages they have 
  • What’s running on those pages 
  • Whether they’re unintentionally sharing data with third parties 
  • Or even who is ultimately responsible for PCI compliance in their organisation… 

They’re not alone. 

And that’s where you—and we—come in.  

Simplifying Compliance with Climb 

PCI DSS v4.0 doesn’t come with a ‘one and done’ solution. Compliance is a combination of process and technology, and every customer’s setup is a little different. 

Climb works with a wide range of vendors who address specific PCI DSS requirements, from malware protection and vulnerability scanning to script monitoring and data privacy controls. Our role, however, goes beyond product matchmaking. We help you make sense of it all. 

A Compliance Conversation with Climb is short, structured, and effective. It starts by asking the right questions, such as: 

  • Do you know exactly what scripts are running on your payment pages, and who put them there? 
  • Are your third-party tools only collecting the data they’re supposed to? 
  • Are you monitoring for unauthorised changes on those pages in real time? 
  • Do your current security tools map to the new v4.0 control sets? 
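The first and third questions above (what scripts are on the payment page, and has anything changed) can be answered with a script inventory check. The following is an added illustration, not Climb’s or any vendor’s code: it parses a payment page, compares every external script URL and the hash of every inline script against an approved baseline, and reports anything not on the list. The page HTML, the domains and the baseline are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from page HTML."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:                      # inline script: capture its body
                self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def check_payment_page(html, approved_src, approved_inline_hashes):
    """Return (kind, detail) findings for scripts absent from the approved inventory."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = [("unauthorised-external", s) for s in parser.external if s not in approved_src]
    for body in parser.inline:
        digest = sha256_hex(body.strip())   # any edit to an inline script changes its hash
        if digest not in approved_inline_hashes:
            findings.append(("unauthorised-inline", digest[:16]))
    return findings

# Constructed baseline: the scripts the merchant has reviewed and approved.
APPROVED_SRC = {"https://checkout.example/js/pay.js"}
APPROVED_INLINE = {sha256_hex('window.checkoutConfig = {"currency": "GBP"};')}

# Constructed page: two approved scripts plus an unreviewed third-party tag and inline snippet.
SAMPLE_PAGE = """<html><body>
<script src="https://checkout.example/js/pay.js"></script>
<script>window.checkoutConfig = {"currency": "GBP"};</script>
<script src="https://tag.analytics-vendor.test/collect.js"></script>
<script>console.log("campaign tracking");</script>
</body></html>"""
```

Run `check_payment_page(SAMPLE_PAGE, APPROVED_SRC, APPROVED_INLINE)` on a schedule against each live payment page and alert on a non-empty result; the baseline is updated only through the change-control process.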

From there, we’ll: 

  • Help you and your customers understand current exposure 
  • Pinpoint any weak spots 
  • Match the right solutions to help close the gaps 

This is #TheClimbWay 

At Climb, we give our partners the insight, support, and solutions they need to succeed. 

So, let’s talk. Whether it’s mapping out your customers’ payment ecosystem, analysing what’s really happening on their sites, or selecting the right solutions to fill compliance gaps—we’ll help you help them.  

Let’s cut through the confusion. Let’s get the right solutions in place. Let’s make compliance simple. 

One conversation is all it takes. That’s #TheClimbWay.