Protect your business

Anti-phishing compliance under PCI DSS v4.0

The Payment Card Industry Data Security Standard (PCI DSS) is active in protecting payment data. In today’s high-stakes cybersecurity arena, the dynamic evolution of its compliance requirements is key.

PCI DSS v4.0 section 5.4 requires any business that handles payment card information to have anti-phishing mechanisms in place by March 2025.

Email security

current threats

There’s a security flaw in the way email was first designed that puts businesses at risk of impersonation, phishing and spoofing attacks. PCI DSS v4.0 aims to protect businesses and their stakeholders from these threats.

96 %

Of phishing attacks arrive via email

95 %

Of security breaches result from human error


Recommendations for compliance

  • Implement an anti-spoofing control like DMARC to prevent phishers from impersonating your business domains and stakeholders.
  • Use technologies that block phishing emails and malware before they reach personnel to reduce incidents and decrease the time required by employees to check and report phishing attacks.
  • Training to help employees recognize and report phishing emails.

PCI DSS Section 5.4 business compliance benefits

stakeholder trust

Reduced risk of
financial loss

Protection against

Prevention of data

Enhanced regulatory


Implement DMARC to protect and comply

If a cybercriminal takes advantage of vulnerabilities in your email security, your business could suffer irreparable damage. Implement DMARC, the global email authentication standard that encompasses SPF and DKIM to ensure that only real email from your brand ever reaches a recipient’s inbox.

It’s also strongly recommended by the PCI Security Standards Council (PCI SSC) as a solution to compliance with PCI DSS section 5.4.

Do I need DMARC?

Your DMARC provider for headache-free compliance

  • Seamless DMARC implementation & support
  • No disruption to business or customers
  • Scalable to business of any size
  • Proactive monitoring & management of email ecosystem
  • Guaranteed protection in a max of 90 days

Thanks to the knowledgeable team at Sendmarc, Santova’s mail delivery is safe and compliant, assisting us with further improving service levels for our clients.

Gerrit Fourie
Divisional Executive for SCM

With the rise of impersonation and phishing attacks, Bidvest Services needed to take every measure to ensure our employees, customers and supply chains were protected from cybercriminals. We chose Sendmarc, an experienced security services provider, and managed services provider Executive Solutions to ensure timeous and cost-effective DMARC compliance across all our domains.

Gareth Burmeister
Chief Financial Officer – Bidvest FM Cluster
Get in touch

Complete this form to get started