16 questions. All 12 PCI DSS Requirements. Know your gaps before a QSA does. Final v4.0.1 enforcement landed March 31, 2025 — every cardholder data environment is in scope now.
We'll email you a formatted PDF of your PCI DSS v4.0.1 readiness score and gap analysis, and copy john@corerecon.com so you can book a free consultation.
All 64 future-dated v4.0.1 requirements are now fully enforceable. QSAs are assessing against the complete standard. No grace period remains.
⚠ PCI Breach Reality
$9,000/card — Average Fine
Card brand fines for non-compliant merchants after a breach: $5,000–$100,000/month plus per-card liability. Most SMBs face card acceptance termination. (Visa/MC 2024)
Req 8 — MFA Now Mandatory
v4.0.1 expanded MFA to ALL access into the cardholder data environment — not just admin/remote. This catches most mid-market retailers off-guard in QSA assessments.
Req 6 — 1-Month Patch SLA
Critical patches now require remediation within one month. Many QSAs report this as the #1 finding in Texas hospitality and retail assessments in 2025.