Some of the world’s
largest and most highly regulated organizations use HPE NonStop infrastructure
to power their operations. For payment processors,
merchants, acquirers, and other financial services providers, ACI’s Retail
Payments Solutions (RPS) such as BASE24 and BASE24-eps are also a must. The
combination is a powerful one. But there’s an important missing piece of the
puzzle. As cyber threats and compliance challenges proliferate, IT leaders need
data security partners they can trust.
The right technology, architected to meet
the demanding requirements of HPE NonStop customers, will not just minimize
financial and reputational risk, but also provide a springboard for business
growth.
NonStop in the firing line
NonStop systems are
built with security in mind, and they need to be. There were over 3,100 data compromise incidents in the US alone in 2024 – a near
record – resulting in over 1.3 billion victims. Financial services was the most
compromised sector, accounting for nearly a quarter (23%) of incidents. That’s
not surprising given the large volumes of highly sensitive data such
organizations manage. But it’s a growing concern, as the cybercrime economy
continues to grow and professionalize.
UK government experts have warned that AI advances will lead to “an increase in
frequency and intensity of cyber threats” over the coming two years. But
they’re also achieving their goals in far more prosaic ways – such as using
stolen, phished and breached credentials to login to sensitive corporate
systems as legitimate users.
Their job is made
easier by the fact that even well-resourced companies are finding it hard to
recruit the talent they need to staff IT security teams. And by the growing
size and diversity of their supply chains, which together with continued
investment in digital transformation, is expanding the corporate attack
surface.
PCI compliance means business
It is evolving
challenges like these that the payment card industry (PCI) security standards
council (SSC) is continually assessing, in order to keep its flagship data
security standard (PCI DSS) relevant and effective. As a result, PCI DSS 4.0,
which became mandatory on March 31, 2025, introduces stricter requirements for
securing primary account numbers (PANs) and other payment data at rest – among
dozens of new rules.
It means that many
traditional approaches to security like disk-level encryption are no longer fit
for purpose. NonStop customers running BASE24 and
BASE24-eps environments may also find it challenging to meet PCI DSS 4.0
requirements without impacting system performance during the processing of
high-transaction volumes. And to ensure that any encryption solution they do
use doesn’t act as a roadblock to important business analytics initiatives.
Towards data-centric security
In a world of mounting
cyber risk and compliance challenges, data-centric security can help to put
network defenders back in control. It’s based on a continuous cycle of data
discovery, classification and protection to not only meet but exceed the PCI DSS
4.0 requirements for data at rest. By tokenizing sensitive payments data like
PANs, organizations can reduce the scope and cost of compliance, while ensuring
data can still be used for important initiatives like fraud detection.
Even better, comforte
is designed specifically with ACI RPS in mind, which means it’s fast to deploy with
BASE24 and BASE24-eps payment switches, and benefits
from minimal latency. It also secures data at the field level, with
format-preserving tokens that retain the structure and length of PANs. This
ensures compatibility with legacy systems and minimal disruption to processing
logic. Additional support for non-ACI applications keeps all bases covered for
NonStop customers.
From compliance to growth
For payments, financial services and retail
organizations, PCI DSS 4.0 is non-negotiable. But while non-compliance raises
the prospect of large fines and exclusion from payment card networks, there’s a
more positive case to be made for the standard.
It’s effectively a step-by-step guide to
building a more resilient and secure data environment. That’s important not
just for mitigating the risk of potentially costly and reputationally damaging
breaches. It could also provide a platform for scaling up customers and payment
volumes, investing in innovative digital systems, and potentially even expanding
globally.
