Thomas Stoesser | Jul 18, 2023 9:00:00 AM | News

comforte AG Sees that Parts of the Credit Card Industry and Merchants Are Not Yet Sufficiently Prepared for Stricter International Security Standard PCI 4.0

  • New security standards in electronic payment transactions lead to increased security requirements for companies.
  • Non-compliance can result in high fines and the revocation of credit card licenses. 
  • Customer data must now be better protected against hacker attacks.

Wiesbaden, Germany – 18 July 2023 – "Many companies from the credit card industry and affiliated merchants are not yet sufficiently prepared for the tightened security requirements, due to the extended security requirements PCI 4.0. The first new protection protocols of the industry standard PCI DSS V4.0 (PCI 4.0) come into force as early as March 2024. Those who do not comply with these will not only endanger consumers and themselves in the event of hacker attacks, but will also have to reckon with quite severe penalties. In the most severe case, this can also result in license revocation," says Michael Deissner, CEO of cybersecurity specialists comforte AG.

PCI 4.0 stands for Payment Card Industry Security Standard. PCI is a widely recognized set of rules and regulations by the credit card organizations in payment transactions that govern the processing of credit card transactions. The new PCI 4.0 security standards relate in particular to the areas of data recognition and classification. They are intended to make the handling of credit card data more secure and to exclude or minimize possible damage to credit card users, retailers and companies in the event of cyberattacks by criminals. The new measures include ongoing data identification and classification based on risk, stricter authorization management that governs access to sensitive data, and inventory of credit card data systems.

The new PCI regulations focus, among other things, on requirements for a complete inventory of where sensitive credit card data, such as sales and personal customer data, is transferred, used, and stored temporarily and permanently. This data must be classified according to the level of potential damage from cyberattacks. Based on this classification, the access of all persons to this data must be regulated, monitored and regularly adjusted.

comforte AG, a leading provider of enterprise data security solutions and data-centric encryption technology to defend against cyberattacks, already meets the tightened requirement profile of PCI 4.0. All companies that come into contact with and process credit card data will have to have implemented the required optimized security protocols starting in March 2024.

comforte's solutions help companies achieve PCI compliance. With comforte's SecurDPS solution, format-preserving encryption makes credit card data unusable for unauthorized parties, while companies can still securely send, process, use and store the data. The implementation of SecurDPS is also accompanied by a PCI-compliant classification and inventory of data storage and its movement profiles, enabling traceable authentication of legitimate users that can be verified and adjusted at any time. SecurDPS users include not only the largest credit card companies, which encrypt more than 4,000 credit card payments every second using the comforte solution, but also global retailers such as the U.S. department store chain Macy's.

Michael Deissner: "New, successful hacker attacks on industry and infrastructure are reported every day, causing billions in damage every year. The globally networked financial and credit card industry in particular, with its millions of connected merchants, is a permanent and rewarding target for cyber criminals. That is why we welcome the new tightened rules of the PCI regime. We can already offer any company working with large volumes of credit card transaction data tailored security solutions that are fully compliant with the extended requirements now defined under PCI."

About comforte:

comforte AG is a leading provider of data-centric security technology. Today, more than 500 enterprises worldwide rely on its tokenization and format-preserving encryption capabilities to secure the sensitive data that they have been entrusted with. The comforte Data Security Platform seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. No matter where your data is, it helps you discover, classify and protect it. With more than 20 years of experience in data security and protection of truly mission-critical systems, comforte AG is the perfect partner for organizations who want to secure their growth by protecting their most valuable asset: data.

The comforte Data Security Platform enables automated continuous discovery of sensitive data with near-real-time updates and the ability to protect structured sensitive data inside files, applications, data lakes and databases - hybrid, cloud, SaaS and on-prem. The platform also provides continuous data security at rest, in motion and in use, and deploys in a fraction of the time of traditional, API-driven solutions. By leveraging standards-based data encryption, tokenization, and masking, the comforte Data Security Platform provides granular audit and control for regulatory compliance.

For more information, also follow us on LinkedIn and Twitter.


For Media Inquiries
comforte AG
Abraham-Lincoln-Str. 22
65189 Wiesbaden
Thomas Stoesser, Executive Vice President, Marketing
Phone: + 49 611 93199 00
