Regulatory compliance is a fact of life for any business. And for those that accept, process, store or transmit credit card information, that means ensuring they meet the exacting requirements of PCI DSS. The card industry data security standard is two decades old this year, and its latest iteration promises a step change in how organizations are required to manage and secure their cardholder data environments (CDEs).
Non-compliance is not an option. But the process itself can be extremely time-consuming and expensive for many organizations. Fortunately, a new partnership between comforte and payments software giant ACI Worldwide should help to streamline the journey.
Continuous compliance
PCI DSS 4.0 has been billed as the biggest update to the standard since it was launched back in 2004. It features a string of changes to underlying requirements, intended to ensure the standard keeps pace with the rapid pace of technological change and threat actor innovation. These include a demand that organizations go beyond disk-level encryption to ensure all data residing in applications is also protected.
More generally, there’s a desire among industry body the PCI Security Standards Council (PCI SSC) to:
- Allow greater flexibility in the technologies organizations can use to achieve compliance
- Promote continuous security, rather than treating compliance/security as a tick-box endeavor
- Enhance validation methods and procedures
How will ACI Worldwide customers benefit?
There’s plenty to take on board before the April 1, 2025 deadline for compliance. But one recent announcement will help compliance efforts. Customers using ACI Worldwide payment software in their CDE can now take advantage of leading data protection technology from comforte, which works seamlessly with the firm’s products.
Specifically, thanks to a new partnership, ACI Worldwide now recommends comforte for its ACI Banking (i.e., Issuing and Acquiring) products in order to meet the data-at-rest requirement of PCI DSS 4.0. Those products are as follows:
- BASE24: comforte SecurDPS
- BASE24-eps: comforte SecurDPS, comforte SecurDPS Enterprise
- ICE-XS: comforte SecurDPS Enterprise
- ACI Acquirer/ACI Interchange/ACI Issuer: comforte SecurDPS Enterprise (Virtual File System component only - required for file exchange protection)
- UPF: comforte SecurDPS Enterprise
- XPNET: comforte SecurDPS
The comforte products support PCI DSS 4.0 compliance by protecting what matters most: cardholder data. They offer several benefits:
Automatic and continuous discovery and classification of data, wherever it resides in the organization.
Multiple protection mechanisms including classic encryption, masking, tokenization and format-preserving encryption (FPE). Tokenization can help organizations to use data for business value creation via analytics without exposing it to the risk of data theft.
Advanced integration without the need to change underlying applications.
Flexible deployment on-premises, in the cloud, or a hybrid combination of the two.
Future-proofing against changes in the IT environment/CDE thanks to a flexible, elastic and self-healing architecture that is designed to adapt and adjust to future requirements.
Enhanced security with integration into identity and access management (IAM) tooling, and built-in audit and analysis functionality.
Getting started
ACI says its products will work with comforte’s with minimal effort. It is recommending customers establish a vendor agreement directly with comforte and plan a roadmap aligning to the March 31 2025 PCI DSS 4.0 compliance deadline.
Once they’ve done that, it’s encouraging customers to reach out to their ACI Account Owner and the firm’s professional services team, which will help with work on deployment. There’s about a year to go before PCI DSS 4.0 becomes a reality. By using comforte to secure data at rest, organizations can take a massive stride towards compliance today.