comforte AG: Comforte AG sees that parts of the credit card industry and merchants are not yet sufficiently prepared for stricter international security standard PCI 4.0

Comforte AG sees that parts of the credit card industry and merchants are not yet sufficiently prepared for stricter international security standard PCI 4.0

• New security standards in electronic payment transactions lead to increased security requirements for companies
• Non-compliance can result in high fines and the revocation of credit card licenses
• Customer data must now be better protected against hacker attacks

Wiesbaden, 18th July 2023 – "Many companies from the credit card industry and affiliated merchants, are not yet sufficiently prepared for the tightened security requirements, due to the extended security requirements PCI 4.0. The first new protection protocols of the industry standard PCI DSS V4.0 (PCI 4.0) come into force as early as March 2024. Those who do not comply with these will not only endanger consumers and themselves in the event of hacker attacks but will also have to reckon with quite severe penalties. In the most severe case, this can also result in a license revocation," says Michael Deissner, CEO of cybersecurity specialists comforte AG. 

PCI 4.0 stands for Payment Card Industry Security Standard. PCI is a widely recognized set of rules and regulations by the credit card organizations in payment transactions that govern the processing of credit card transactions. The new PCI 4.0 security standards relate in particular to the areas of data recognition and classification. They are intended to make the handling of credit card data more secure, and to exclude or minimize possible damage to credit card users, retailers and companies, in the event of cyberattacks by criminals. The new measures include ongoing data identification and classification based on risk, stricter authorization management that governs access to sensitive data, and inventory of credit card data systems.

The new PCI regulations focus, among other things, on requirements for a complete inventory of where sensitive credit card data - such as sales and personal customer data - must be transferred, used, and stored temporarily and permanently. This data must be classified according to the level of potential damage from cyberattacks. Based on this classification, the access of all persons to this data must be regulated, monitored and regularly adjusted.

comforte AG, a leading provider of enterprise data security solutions and data-centric encryption technology to defend against cyberattacks, already meets the tightened requirement profile of PCI 4.0. All companies that come into contact with and process credit card data will have to have implemented the required optimized security protocols starting in March 2024.

comforte's solutions help companies achieve PCI compliance. With comforte's SecurDPS solution, format-preserving encryption makes credit card data unusable for unauthorized parties. For companies, however, the secure sending, processing, use and storage of data is still possible. The implementation of SecurDPS is also accompanied by a PCI-compliant classification and inventory of data storage and its movement profiles, so that a traceable authentication of legitimate users that can be verified and adjusted at any time is possible. SecurDPS users include not only the largest credit card companies, which encrypt more than 4,000 credit card payments every second using the comforte solution, but also global retailers such as the U.S. department store chain Macy`s.

Michael Deissner: "New, successful hacker attacks on industry and infrastructure are reported every day, causing billions in damage every year. The globally networked financial and credit card industry in particular, with its millions of connected merchants, is a permanent and rewarding target for cyber criminals. That is why we welcome the new tightened rules of the PCI regime. We can already offer any company working with large volumes of credit card transaction data, tailored security solutions, that are fully compliant with the extended requirements now defined under PCI."

About comforte AG

comforte AG is a leading provider of enterprise data security solutions. Today, more than 500 companies worldwide rely on comforte's tokenization and format-preserving encryption capabilities to protect sensitive data. comforte's Data Security Platform integrates seamlessly with the most advanced cloud-based environments as well as traditional core systems. It helps customers discover, classify and protect data regardless of where it resides.

With more than 20 years of experience in data security and data protection of mission-critical systems, comforte AG is the perfect partner for companies looking to secure their growth by protecting their most valuable asset: Their data.

Follow us on LinkedIn and Twitter.

comforte AG

Thomas Stoesser
Executive Vice President, Marketing & Product Management
Email: t.stoesser@comforte.com
Phone: + 49 611 9319900

Business Media:
edicto GmbH
Axel Mühlhaus/Ralf Droz
E-mail: rdroz@edicto.de
Tel.: + 49 69 90550554