PCI DSS V3.2.1 Expiration

PCI DSS (Payment Card Industry Data Security Standard) 3.2.1 was a version of the security standard that all companies accepting, processing, storing, or transmitting payment card data must follow in order to maintain a secure cardholder data environment.


PCI DSS 3.2.1 was published on May 17, 2018, and was retired by the PCI Security Standards Council on March 31, 2024. Assessments against 3.2.1 are no longer valid after that date, so organizations must now demonstrate compliance against its successor, PCI DSS v4.0.

Merchants can still process transactions after the retirement date, but those who have not transitioned to the current version will eventually face consequences for being non-compliant.

The consequences of not being PCI compliant can be severe for businesses. Some key repercussions include:

  1. Financial penalties: Merchants who fail to meet PCI compliance standards may face fines from payment brands such as Visa, Mastercard, American Express, and Discover. These fines can range from $5,000 to $100,000 per month, depending on the severity and duration of the violation. The payment brands levy the fines on the acquiring bank, which typically passes them on to the merchant; this can lead to increased transaction fees or termination of the merchant's relationship with the bank.

  2. Legal Ramifications: Non-compliance may also result in legal actions and lawsuits from affected parties. Organizations could face litigation, settlements, and damage to their reputation, which can have long-lasting financial and operational implications.

  3. Loss of Trust and Reputation: A data breach due to non-compliance can severely damage a company's reputation and erode customer trust. This loss of trust may lead to decreased customer loyalty, loss of business, and difficulty in acquiring new customers.

  4. Operational Disruption: In addition to financial and reputational damage, non-compliant organizations may face operational disruptions. This could include suspension of card processing privileges by banks or payment processors, leading to significant disruptions in business operations.

  5. Increased Security Risks: Failure to comply with PCI DSS leaves systems vulnerable to cyberattacks and data breaches. Without the required security controls in place, sensitive cardholder data becomes an easy target for attackers, leading to further financial losses and regulatory scrutiny.

Overall, the retirement of PCI DSS 3.2.1 underscores the importance of maintaining ongoing compliance with industry standards to safeguard sensitive cardholder data, protect against cyber threats, and preserve the trust of customers and stakeholders. Organizations must stay vigilant and adopt new versions of the standard as they are released to ensure the security of their payment card systems.

If you have received notice of pending non-compliance, please reach out to in order to begin the process of updating your hardware and regaining PCI compliance.