Driving PCI DSS 4.0 Compliance for the World’s Most Demanding Businesses


Some of the world’s largest and most highly regulated organizations use HPE NonStop infrastructure to power their operations. For payment processors, merchants, acquirers, and other financial services providers, ACI’s Retail Payments Solutions (RPS) such as BASE24 and BASE24-eps are also a must. The combination is a powerful one. But there’s an important missing piece of the puzzle. As cyber threats and compliance challenges proliferate, IT leaders need data security partners they can trust.

The right technology, architected to meet the demanding requirements of HPE NonStop customers, will not just minimize financial and reputational risk, but also provide a springboard for business growth.

NonStop in the firing line

NonStop systems are built with security in mind, and they need to be. There were over 3,100 data compromise incidents in the US alone in 2024 – a near record – resulting in over 1.3 billion victims. Financial services was the most compromised sector, accounting for nearly a quarter (23%) of incidents. That’s not surprising given the large volumes of highly sensitive data such organizations manage. But it’s a growing concern, as the cybercrime economy continues to grow and professionalize.

UK government experts have warned that AI advances will lead to “an increase in frequency and intensity of cyber threats” over the coming two years. But threat actors are also achieving their goals in far more prosaic ways – such as using stolen, phished and breached credentials to log in to sensitive corporate systems as legitimate users.

Their job is made easier by the fact that even well-resourced companies are finding it hard to recruit the talent they need to staff IT security teams. It is also made easier by the growing size and diversity of corporate supply chains, which, together with continued investment in digital transformation, are expanding the corporate attack surface.

PCI compliance means business

It is evolving challenges like these that the Payment Card Industry Security Standards Council (PCI SSC) is continually assessing, in order to keep its flagship Data Security Standard (PCI DSS) relevant and effective. As a result, PCI DSS 4.0, which became mandatory on March 31, 2025, introduces stricter requirements for securing primary account numbers (PANs) and other payment data at rest – among dozens of new rules.

It means that many traditional approaches to security, like disk-level encryption, are no longer fit for purpose. NonStop customers running BASE24 and BASE24-eps environments may also find it challenging to meet PCI DSS 4.0 requirements without impacting system performance while processing high transaction volumes. They also need to ensure that any encryption solution they do use doesn’t act as a roadblock to important business analytics initiatives.

Towards data-centric security

In a world of mounting cyber risk and compliance challenges, data-centric security can help to put network defenders back in control. It’s based on a continuous cycle of data discovery, classification and protection to not only meet but exceed the PCI DSS 4.0 requirements for data at rest. By tokenizing sensitive payments data like PANs, organizations can reduce the scope and cost of compliance, while ensuring data can still be used for important initiatives like fraud detection.

Even better, comforte is designed specifically with ACI RPS in mind, which means it’s fast to deploy with BASE24 and BASE24-eps payment switches, and benefits from minimal latency. It also secures data at the field level, with format-preserving tokens that retain the structure and length of PANs. This ensures compatibility with legacy systems and minimal disruption to processing logic. Additional support for non-ACI applications keeps all bases covered for NonStop customers.

From compliance to growth

For payments, financial services and retail organizations, PCI DSS 4.0 is non-negotiable. But while non-compliance raises the prospect of large fines and exclusion from payment card networks, there’s a more positive case to be made for the standard.

It’s effectively a step-by-step guide to building a more resilient and secure data environment. That’s important not just for mitigating the risk of potentially costly and reputationally damaging breaches. It could also provide a platform for scaling up customers and payment volumes, investing in innovative digital systems, and potentially even expanding globally.

 

Author

  • We are passionate and committed security experts who, with over 25 years of experience in protecting data on mission-critical systems, are a trusted partner and pioneer in the field of data-centric security. Our solutions support over 300 customers globally, including industry leaders like Visa and Mastercard, helping them navigate modern cybersecurity threats while enabling data-driven innovation.

    At comforte, we strive to be more than just a vendor; we aim to be a trusted partner and advisor. As a German company headquartered in Wiesbaden, with offices in Australia, the USA, and Singapore, we uphold European privacy and compliance values in our global operations. This is underlined by the fact that we are the holders of the quality seals “IT Security Made in Germany” and “IT Security Made in EU”.
