Frequently Asked Question

What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard's retirement date of 31 March 2024?

Compliance questions, including questions about whether it is acceptable to submit a PCI DSS v3.2.1 assessment report after that standard's retirement date of 31 March 2024, should be directed to organizations that manage compliance programs (for example, payment brands and acquirers). Contact details for the payment brands can be found in FAQ #1142 'How do I contact the payment card brands'?
Also refer to the following related FAQs:

Originally published: March 2023
Article Number: 1563

Featured FAQ Articles