NonStop Insider

job types

Site navigation

Recent articles



For monthly updates and news.
Subscribe here
NonStop Insider

Accelerating the Journey to PCI DSS 4.0 Compliance with ACI Worldwide



Regulatory compliance is a fact of life for any business. And for those that accept, process, store or transmit credit card information, that means ensuring they meet the exacting requirements of PCI DSS. The card industry data security standard is two decades old this year, and its latest iteration promises a step change in how organizations are required to manage and secure their cardholder data environments (CDEs).

Non-compliance is not an option. However, the process itself can be extremely time-consuming and expensive for many organizations. Fortunately, a new partnership between comforte and payments software giant ACI Worldwide should help to streamline the journey.

Continuous compliance

PCI DSS 4.0 has been billed as the biggest update to the standard since it was launched back in 2004. It features a string of changes to underlying requirements, intended to ensure the standard keeps pace with the rapid pace of technological change and threat actor innovation. These include a demand that organizations go beyond disk-level encryption to ensure all data residing in applications is also protected.

More generally, there’s a desire among industry body the PCI Security Standards Council (PCI SSC) to:

How will ACI Worldwide customers benefit? 

There’s plenty to take on board before the April 1, 2025 deadline for compliance. But one recent announcement will help compliance efforts. Customers using ACI Worldwide payment software in their CDE can now take advantage of leading data protection technology from comforte, which works seamlessly with the firm’s products.

Specifically, thanks to a new partnership, ACI Worldwide now recommends comforte for its ACI Banking (i.e., Issuing and Acquiring) products in order to meet the data-at-rest requirement of PCI DSS 4.0. Those products are as follows:

The comforte products support PCI DSS 4.0 compliance by protecting what matters most: cardholder data. They offer several benefits:

Automatic and continuous discovery and classification of data, wherever it resides in the organization.

Multiple protection mechanisms including classic encryption, masking, tokenization and format-preserving encryption (FPE). Tokenization can help organizations use data for business value creation via analytics without exposing it to the risk of data theft.

Advanced integration without the need to change underlying applications.

Flexible deployment on-premises, in the cloud, or a hybrid combination of the two.

Futureproofing against changes in the IT environment/CDE thanks to a flexible, elastic and self-healing architecture that is designed to adapt and adjust to future requirements.

Enhanced security with integration into identity and access management (IAM) tooling, and built-in audit and analysis functionality.

Getting started

ACI says its products will work with comforte’s with minimal effort. ACI recommends customers establish a vendor agreement directly with comforte and plan a roadmap aligning to the March 31, 2025, PCI DSS 4.0 compliance deadline.

Once they’ve done that, it’s encouraging customers to reach out to their ACI Account Owner and the firm’s professional services team, which will help with work on deployment. There’s about a year to go before PCI DSS 4.0 becomes a reality. By using comforte to secure data at rest, organizations can take a massive stride towards compliance today.

Learn how to discover, classify, and protect
all sensitive data.

Click the button below to download the solution brief for our Data Security Platform:

Download Solution Brief