Seamless PCI DSS 4.0 Compliance for ACI RPS Customers on HPE NonStop
comforte

ACI Retail Payment Solutions (RPS) customers operate some of the most complex and demanding IT environments in the world. They have a tough job on their hands balancing performance and security against the backdrop of surging threat levels and a new regulatory landscape.
Fortunately, comforte’s SecureDPS has been architected to work seamlessly with ACI RPS on HPE NonStop servers. It offers robust data protection that goes beyond PCI DSS 4.0, while preserving utility and performance.
Adapting to a new landscape
PCI DSS 4.0 introduces a range of rigorous new requirements to complying merchants, payment providers and banks. Among other things, it demands these organizations switch to stronger, state-of-the-art encryption and improve management of cryptographic keys throughout their lifecycle. That’s understandable, given what’s at stake.
Global organizations are struggling to regain the initiative as adversaries harness a seemingly endless supply of compromised credentials to breach corporate networks. One report from February claims that there are at least 10 million stolen credentials associated with EMEA organizations available for sale on cybercrime marketplaces. Threat actors are also making use of AI tools to improve and accelerate social engineering, victim selection, vulnerability exploitation and post-exploitation activity.
Network defenders must also contend with a growing corporate attack surface that continues to expand with investments in cloud, Internet of Things (IoT), AI systems, and remote working devices. As long ago as 2021, the boss of Britain’s MI6 intelligence service warned that the digital attack surface is growing “exponentially.”
Getting the balance right
From 31 March 2025, therefore, the pressure is on to follow PCI DSS 4.0, or risk non-compliance fines which could reach as much as $100,000 per month, possible exclusion from payment card networks, and major reputational damage. However, ACI RPS customers have several requirements:
- Strong data protection in line with PCI DSS 4.0 requirements
- The ability to use protected data for important business goals such as fraud detection and financial planning
- Data protection that doesn’t slow down performance for high-transaction BASE24 and BASE24-eps environments
The problem with legacy
The security-performance balance is not an easy one to get right, especially with legacy security technologies. Many of these aren’t able to offer both security and data utility—requiring that data be decrypted before it can be used in cloud-based analytics platforms, for example. This in turn can create untenable performance and operational issues, as well as exposing that data to adversaries.
Legacy real-time encryption can also introduce latency to data processing, impacting the performance of payment systems and, ultimately, the user experience. This can have a chilling effect on brand reputation and customer loyalty.
Traditional security processes like disk-level encryption are no longer fit for purpose according to new field-level protection requirements in PCI DSS 4.0. By leaving decrypted data exposed after processing, they open the door too wide to threat actors who may be lurking. Given the ease with which many adversaries are breaching networks with compromised credentials today, this is a growing risk.
How comforte and ACI RPS fit together
The good news is that comforte SecureDPS helps to solve all of these challenges. It offers tokenization—which works by substituting sensitive data elements like primary account numbers (PANs) with unique tokens across the Cardholder Data Environment (CDE). This enables the data to be used in analytics tools without compromising on security. In the same way, tokenization can reduce the scope and cost associated with PCI DSS compliance and auditing.
Directly deployed on NonStop servers, the solution is also uniquely architected to work seamlessly across high transaction volumes, and leverages the NonStop architecture to enhance scalability and performance.
Let’s recap those benefits:
- Compliance with PCI DSS 4.0 thanks to tokenization, which ensures PANs are safe even if a data breach occurs.
- Data utility is preserved so card information can be used in fraud prevention and other analytics use cases to benefit the business.
- Native support for BASE24 and BASE24-eps means speedy deployment on NonStop servers, with few changes to existing configurations, architectures and workflows required.
- Cost and simplicity are enhanced, because tokenization ensures large volumes of card data are out of scope for PCI DSS compliance. The comforte solution also removes the need for compensating controls, thus helping to keep costs down.
With comforte SecureDPS, ACI RPS customers can drive streamlined compliance not only with PCI DSS 4.0, but other regulatory mandates that demand the strongest data protection posture possible.
To find out more about comforte SecureDPS, please visit: https://www.comforte.com/resources/comforte-data-protection-for-aci-retail-payments-solutions-on-hpe-nonstop

