Shopify, a provider of essential internet infrastructure for commerce, has announced a simplified compliance process for its millions of merchants in the face of the new mandatory requirements of PCI Data Security Standards Version 4.0 (PCI DSS v4.0), that will come into effect on March 31, 2025.
Among the critical updates from the Payment Card Industry Security Standards Council, led by major credit card companies, is the introduction of measures designed to prevent digital skimming attacks. These are a major cybersecurity threat where hackers steal sensitive information such as credit card details directly from online transactions.
Australia is seeing a rise in cyberattacks, with the Australian Signals Directorate (ASD) receiving more than 87,000 cybercrime reports during the 2023–2024 financial year, one report every six minutes. Within this context, the new requirements are designed to safeguard the integrity of online transactions and strengthen consumer confidence in digital commerce. However, PCI DSS v4.0 regulations also present intricate compliance challenges for online businesses.
Shopify distinguished engineer Ilya Grigorik said, “We’ve built Shopify’s world-class checkout and storefronts architecture to be future-proof, providing solutions that simplify compliance with the ever-changing list of security, data, and privacy requirements and regulations.
“We actively engage with standards and requirements development, and sweat the technical details of implementing the right components across our platform. This enables Shopify merchants of every size to focus on running and growing their business, free from the scramble and worries of managing compliance tasks.”
For online businesses not on Shopify’s unified platform, meeting these new mandatory requirements can be time and labour-intensive. These requirements include stricter protection for card fields on checkout pages, regular assessments of website tampering, more detailed records of security measures and quicker response times for security issues.