For years, PCI compliance has sat in the background of retail operations. A necessary and important process, but one that was periodic and contained.

That model doesn’t hold anymore. Once, PCI was just a project to complete, or an audit to pass. It was something to revisit the following year.

PCI DSS 4.0 quietly changed that assumption. Compliance moved away from being a point-in-time certification. Now, it’s an operational condition that must hold true every day.

This is the shift retailers are now facing, and it’s far from just being theoretical. It’s operational, commercial, and immediate.

Payments are no longer at the edge of retail

Retail environments have changed. Payments aren’t a discrete function anymore; they’re embedded across the entire customer journey.

Payments now sit at the centre of a business. Card transactions are firmly embedded within physical retail across Europe. They’re closely tied to the likes of loyalty schemes, mobile apps, returns processing and real-time stock visibility.

When that environment fails and payments stop, it halts commercial operations. The impact is immediate, as customers abandon baskets, queues start building, staff revert to manual processes, and fraud exposure steadily increases.

PCI DSS 4.0 reflects this reality. It treats payment security as something that underpins trading and isn’t just something that supports it.

Compliance: No longer about documentation

The practical implication is clear – documentation isn’t enough.

Compliance now depends less on documentation and more on whether the operating environment behaves securely continuously. That changes where the challenges lie. It moves away from audit preparation and into live operations.

For many retailers, that exposes a deeper issue.

Retail infrastructure isn’t built for continuous assurance. Most store networks weren’t designed with something like this in mind. In most cases, store networks have often evolved country by country, supplier by supplier and opening by opening.

Having different connectivity providers and locally configured firewalls contributes to an environment which technically works but can’t be governed consistently. Those inconsistent monitoring practices only adds to the issues within this kind of environment.

Under previous PCI versions, that inconsistency was manageable. Assessment focused on evidence and periodic checks, but with PCI DSS 4.0, it becomes a structural problem.

The requirement shifts to proving the environment always behaves securely. That’s not something fragmented infrastructure can easily support.

Network design has become a compliance decision

This is where the conversation changes most. PCI DSS 4.0 makes network architecture a compliance decision.

Historically, retail IT followed a familiar pattern. Connectivity was designed first, applications added afterwards and security applied around the edges. PCI compliance followed as a validation exercise, confirming controls existed within that existing environment.

Now, that sequence is reversed. The new framework assumes security controls operate continuously. It all depends on how the network behaves rather than what documentation says.

What does this imply? Compliance isn’t something validated after deployment. Instead, it’s something designed in from the start.

Why does consistency now define security?

In multi-site retail, consistency becomes the deciding factor. A distributed estate requires predictable behaviour across hundreds or thousands of locations. Without it, continuous assurance breaks down.

Monitoring is far from an occasional activity. Segmentation can’t rely on manual configuration, while access controls must remain consistent regardless of location.

That’s why retailers are rethinking how networks are governed. Retailers are looking at centrally governed connectivity models that separate how stores connect from how security is applied.

Technologies like SD-WAN and SASE are often positioned as upgrades, yet their value lies in governance. These solutions allow payment environments to be segmented logically rather than physically. Access rules follow users and devices automatically, while providing visibility into abnormal behaviour across the estate.

PCI DSS 4.0 is an operational challenge

Taken together, the message is clear. PCI DSS 4.0 isn’t asking retailers to tighten controls around the edges. It’s asking them to rethink how their environments work day-to-day.

Payment security has evolved beyond being just about protecting card data. It’s now about maintaining predictable store operation, which shifts the conversation from compliance ownership to business impact.

When compliance breaks, trading is interrupted and customer experience degrades. Fraud exposure increases, while recovery effort slowly escalates.

Going forward with PCI DSS 4.0

The retailers that adapt aren’t treating PCI as a standalone requirement. They’re designing environments where security controls operate continuously and policies are enforced centrally. There’s visibility across every location, with payment environments being isolated by design.

Instead of checking each location individually, teams manage policy once and verify it everywhere.

PCI DSS 4.0 exposes an existing problem around retail environments. They’re already complex, distributed, and difficult to govern. The new standard just removes the buffer of periodic assessment.

Now, the environment itself must prove it works every single day. In a retail context, it’s a vital commercial necessity.

Want to see how else retailers can build success on the high street? Speak with Gamma Communications today and learn more about high street transformation.

Poki has published a study on web gaming based on surveys of players and developers in the US and UK. It suggests web gaming is taking a larger share of users’ attention alongside social media.

The Amsterdam-based company, which says it reaches 100 million monthly active users, commissioned Atomik Research to survey 2,000 people who play web games at least weekly and 400 game developers. The findings point to stronger engagement with browser-based games, broader spending across gaming, and growing use of web platforms to discover new titles.

Among consumers surveyed, 71% said the amount of time they spend playing web games relative to social media was either stable or increasing. Within that group, 28% said their web gaming time was increasing relative to social media use.

The study also found that 28% of web gamers said their gaming time was increasing specifically at the expense of social media, rising to 34% among daily players. At the same time, 90% of respondents said they listen to music, chat with friends, watch streams, use social media or do something else while playing web games.

Even with that overlap in media use, browser games often hold users’ focus. According to the report, 44% of respondents said the web game had their primary attention while multitasking.

Audience profile

The consumer data suggests web gaming reaches beyond a purely casual audience. Some 37% of those surveyed said they play web games multiple times a day, while 92% described HTML5 games as high quality.

Spending patterns also indicate that web gamers are active across the wider games market. The survey found that 27% spend more than USD $50 each month on purchases across the gaming ecosystem, rising to 35% among the most frequent players.

Hardware ownership in the sample was also high. The study found that 71% of web gamers own premium gaming hardware, including 42% who own a PlayStation 4 or 5, 27% who own an Xbox model, and 27% who own a Switch or Switch 2.

Taken together, browser play, paid gaming activity and console ownership suggest web gaming is part of a wider entertainment mix rather than a standalone niche. The report points to ease of access and free-to-play availability as key reasons, with 56% saying they favour web games because they are easy to access and 58% saying they choose them because they are free.

Discovery channel

The developer survey pointed to discoverability as a major reason to publish games on the web. Some 46% of developers said discovery was a core benefit of publishing to web platforms, while 53% said web gaming offered a way to reach new users.

Players reported similar behaviour. The research found that 62% had downloaded or bought a game after first playing it on the web, rising to 72% among the most frequent players.

That suggests browser-based play serves as an entry point for games that may later be downloaded or bought on other platforms. For developers facing crowded app stores and rising user acquisition costs, the findings add to a wider debate over how games are found and sampled online.

The study also included qualitative contributions from studios including Outfit7, HappyLander, Radical Play, Burny Games, StoreRider, Gopandagames and Emolingo. Poki said the report was intended to address what it sees as a lack of data on current web gaming behaviour and industry attitudes.

Stein Janssen, Chief Operating Officer at Poki, said: “At Poki we became keenly aware that there is almost no available data on the reality of web gaming as it is today. With that in mind, we commissioned Atomik Research to speak to hundreds of developers and thousands of players. A fascinating picture is emerging. Web gaming is usually discussed through the lens of what it used to be, rather than what it has become. And what it has become explains why it is currently enjoying significant growth.

“Web gaming today drives discoverability, thrives in engaging users distracted by a fragmented attention economy, exposes games and IPs to high-value players willing to spend on the worlds they discover, and is even reducing consumers’ time on social media. Developers yet to move on web haven’t got it wrong. But they increasingly risk being late to a new movement in games, where revenues are growing, players are staying, and gaming brands are unleashed to new audiences.”

The report was written by games journalist Will Freeman. It drew on responses from developers whose work is focused mainly on mobile, with the remainder working primarily on PC titles.

Will Freeman, the report’s author, said: “In my 20 years covering this industry, I’ve rarely seen a sector with such a large and engaged audience go quite so under the radar. Writing this report was an eye-opener because it allowed me to tear down my own assumptions about the format. I learned a tremendous amount writing it, and I hope readers do too.”