Meeting PCI DSS compliance is a complex, demanding process that requires organizations to thoroughly understand and protect cardholder data. This involves identifying and addressing security vulnerabilities, continually updating policies, and rigorously testing security controls. With the upcoming shift to PCI DSS 4.0, which takes effect on March 31, 2025, organizations face added pressure to adapt their systems to align with the latest security standards. As organizations prepare, they’ll need to focus on more advanced security measures to meet the updated requirements and ensure robust data protection.

The Path to PCI DSS 4.0

Start by learning the new requirements and getting your team aligned. Then assess your readiness and plan how to protect your payment data.

Key Requirements with PCI DSS 4.0:

  • Discover, assess, and scan cardholder data environments (CDE) that process, manage, store or interact with payment card data, including data center servers, point-of-sale terminals, online payment web pages, and cloud-based transactions to comply with PCI DSS 4.0 requirement 12.5.2.
  • Complete inventory of cryptographic components, including encryption keys, protocols, Hardware Security Modules, and Key Management Systems
  • Cardholder Data (CHD) encryption at the file level on disk or at the field level in databases
  • Masking of all but the last four digits of the Primary Account Number (PAN), with PAN hashing using a keyed hash operation (e.g., HMAC, CMAC)
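The masking and keyed-hash requirements above are concrete enough to show in code. The block below is an added example written for this post; it is not BigID's or Fortanix's code and does not reflect either product's API. It assumes HMAC-SHA-256 as the keyed hash (the list names HMAC generically), a constructed demo key that in practice would live in an HSM or key management system, and a Luhn check as a sanity filter before a run of digits is treated as a PAN. The sample card number is the widely published Visa test number, not a real account.

```python
import hashlib
import hmac
import re

# Constructed demo key. In a real deployment the key is generated and held in an
# HSM or key management system and is never hard-coded alongside the data.
DEMO_HMAC_KEY = b"constructed-demo-key-not-for-production"

# PANs are 13 to 19 digits long.
_PAN_DIGITS = re.compile(r"\d{13,19}")


def normalize_pan(value: str) -> str:
    """Strip spaces and dashes and accept only a 13-19 digit string."""
    digits = re.sub(r"[ -]", "", value)
    if not _PAN_DIGITS.fullmatch(digits):
        raise ValueError("value is not PAN-shaped (13-19 digits)")
    return digits


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; filters false positives before a digit run is handled as a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(value: str) -> str:
    """Display form: every digit replaced by '*' except the last four."""
    digits = normalize_pan(value)
    return "*" * (len(digits) - 4) + digits[-4:]


def hash_pan(value: str, key: bytes = DEMO_HMAC_KEY) -> str:
    """Keyed hash (HMAC-SHA-256) of the normalized PAN, hex encoded.

    An unkeyed hash is not enough here: with a known issuer prefix and the Luhn
    rule the remaining PAN space is small enough to enumerate, so a plain SHA-256
    can be reversed by exhaustive search. The secret key removes that shortcut
    as long as the key itself is kept out of the data store.
    """
    digits = normalize_pan(value)
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def matches_stored_hash(stored_hash: str, candidate: str, key: bytes = DEMO_HMAC_KEY) -> bool:
    """Constant-time comparison so a lookup does not leak how many leading bytes matched."""
    return hmac.compare_digest(stored_hash, hash_pan(candidate, key))


def tokenize_record(record: dict, key: bytes = DEMO_HMAC_KEY) -> dict:
    """Replace the 'pan' field with its masked and keyed-hash forms; the raw PAN is dropped."""
    digits = normalize_pan(record["pan"])
    if not luhn_valid(digits):
        raise ValueError("PAN fails Luhn check")
    out = {k: v for k, v in record.items() if k != "pan"}
    out["pan_masked"] = mask_pan(digits)
    out["pan_hmac"] = hash_pan(digits, key)
    return out


if __name__ == "__main__":
    # Constructed sample record using the published Visa test number, not a real card.
    sample = {"customer": "demo", "pan": "4111 1111 1111 1111"}
    print(tokenize_record(sample))
```

The masked value is what a call-centre screen or receipt shows; the HMAC is what lets a system match a returning card (fraud checks, refunds) without keeping the PAN. Keeping both forms in one record is acceptable only because the hash is keyed and the key is held separately; PCI DSS requires additional controls when an unkeyed hash and a truncated form of the same PAN sit in the same environment, since the two could otherwise be correlated to rebuild the number.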

While these goals are clear, implementing them can be challenging. Ensuring that your existing systems can continuously discover and protect PCI data requires a thorough review and often significant adjustments. Manual searches are impractical and ineffective as data volumes grow and evolve rapidly. Modern automated tools streamline this process, improving both security and cost efficiency. However, using separate tools across different systems can leave gaps in protection, making it essential to adopt integrated solutions that provide comprehensive, real-time oversight across your entire environment.

PCI DSS 4.0 Compliance Guide

Leverage the Right Technology Partners

BigID and Fortanix: Better Together

BigID is a data visibility and control platform that enables organizations to discover, classify, and categorize sensitive data comprehensively, providing data security teams with a precise view of all PCI data for targeted remediation. Fortanix complements this by encrypting, tokenizing, and masking PCI data across structured databases and unstructured file formats in hybrid and multi-cloud environments. Leveraging BigID’s sensitivity scores, Fortanix applies consistent data protection policies, ensuring that sensitive information is safeguarded according to its risk profile across all data sources.

How BigID Helps

Data Discovery

BigID connects to and scans sensitive account data across diverse data sources, including PDFs, mainframes, databases, messaging apps, pipelines, big data systems, NoSQL databases, cloud services, applications, and development environments. With BigID Hyperscan, unstructured data is processed 95% faster, while Auto-Discovery capabilities eliminate blind spots across cloud environments, ensuring comprehensive coverage of all sensitive data.

Data Classification

BigID uses a combination of pattern matching, machine learning, and Natural Language Processing (NLP) to accurately and efficiently classify account data. Customizable classifiers allow teams to identify specific cardholder and authentication details like codes, names, and PINs. This approach builds a complete, context-rich sensitive data inventory, making it easy to identify data that needs protection and remove redundant information, reducing both risk and storage costs.

Active Policy Enforcement

BigID enables proactive data protection actions across all account data. Reduce risk by encrypting, masking, or securely removing vulnerable data, and manage remediation directly through BigID or other integrated tools—no matter where your data resides. This streamlined approach simplifies the process of identifying and addressing data exposure issues across the organization.

How Fortanix Helps

The Fortanix unified data security platform helps you meet your payment and cardholder data security needs. Fortanix helps:

  • Secure files and databases with enterprise-grade encryption
  • Find and manage all encryption keys from one dashboard
  • Mask and tokenize sensitive data across all environments
  • Protect data everywhere – at rest, in transit, and in use

To learn more about how Fortanix can help you meet PCI DSS 4.0 compliance, check out this ebook.

BigID + Fortanix for PCI DSS 4.0 Compliance

Achieving PCI DSS 4.0 compliance all starts with knowing what data you have and what data to protect. With BigID, gain a single and accurate view of your crown-jewel data regardless of where it resides – on-prem, multi-cloud, or hybrid environments. Apply necessary classification, tagging, and actions to protect data based on sensitivity tiering. With Fortanix, apply encryption policies to structured and unstructured data discovered by BigID. Together, BigID and Fortanix prepare large, complex data estates with proven protection for meeting PCI DSS 4.0 compliance.

Ready to Get Started?

See how BigID and Fortanix can streamline your path to PCI DSS 4.0 compliance. Book a personalized demo to watch our experts show you how to find and protect sensitive data across your organization. Our team will walk you through real-world examples and answer your questions about meeting the new requirements. Schedule your demo today.