Spotlight On: DataStealth, a New Principal Participating Organization

Welcome DataStealth, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, DataStealth’s CEO, Ed Leavens, introduces us to his company and how they are helping to shape the future of payment security.

Tell us about your company.

DataStealth is a patented Enterprise Data Security Platform purpose-built to simplify PCI DSS compliance and enhance data security. With seamless integration requiring no code changes or APIs—just a simple DNS update—DataStealth makes it easier for organizations to enhance security while meeting PCI DSS requirements.

We focus on critical areas of PCI compliance:

PCI Audit Scope Reduction: By tokenizing payment card data before it enters your environment and de-tokenizing it after it leaves, DataStealth removes cardholder data from your systems entirely. This not only enhances security but also significantly reduces your PCI audit scope—streamlining compliance and cutting down on associated costs and complexity.
PCI Tamper Detection: Our platform addresses PCI DSS v4.0 requirements 6.4.3 and 11.6.1 by detecting and preventing unauthorized changes to payment page content. This ensures the integrity of your payment systems and helps maintain compliance by providing real-time visibility, alerts and protection from any potential tampering.

With its patented technology, DataStealth empowers organizations to confidently safeguard sensitive payment data, reduce compliance burdens, and maintain the integrity of their payment systems—all without disrupting existing operations.

Why did your company decide to become a Principal Participating Organization?

We decided to become a Principal Participating Organization with the PCI Security Standards Council because we work closely with large enterprises and Qualified Security Assessors (QSAs) to address complex data security challenges. Through these partnerships, we’ve gained valuable market and technical expertise, and we believe it’s important to contribute that knowledge to the Council.

Our work spans critical areas like reducing PCI audit scope and protecting online payment pages with tamper detection and real-time enforcement, meeting key PCI DSS v4.0 requirements 6.4.3 and 11.6.1. Joining the PCI SSC as a Principal Participating Organization is a natural next step for us and an exciting opportunity to collaborate with others who share our passion for securing the payment ecosystem. We look forward to contributing our insights and working with the Council to help shape standards that address today’s challenges and tomorrow’s threats, creating a safer, more secure payment landscape for everyone.

Which benefits are you most looking forward to as a Principal Participating Organization?

We’re excited about the opportunity to engage in the Roadmap Roundtable Group (RRG) and Technology Guidance Group (TGG), where we can directly contribute to technical discussions and future-proof security standards. For DataStealth, these collaborations are a chance to bring our expertise in protecting cardholder data and securing online payment pages to the forefront. We’re also looking forward to leveraging exclusive PCI SSC events, webinars, and resources to enhance our capabilities, ensuring our solutions evolve with the Council’s requirements and best practices in payment security innovation.

Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?

The payment security landscape evolves rapidly, and active engagement with PCI SSC is vital for staying ahead of new threats. By participating at the Principal level, companies like DataStealth gain a seat at the table where critical standards are developed. This involvement allows us to ensure that payment security measures remain robust, adaptable, and effective in the face of increasingly sophisticated attacks. Engaging at this level is not just an opportunity; it’s a responsibility to help create a safer payment ecosystem for all and share our practical experience. For DataStealth, this involvement is essential to ensuring that best practices are not only effective but also practical for organizations of all sizes. Greater participation fosters a collaborative ecosystem, making it easier for businesses to adapt to compliance requirements and protect sensitive data in an increasingly complex threat landscape.

What are some payment security topics that you’re interested in collaborating on?

DataStealth is deeply committed to protecting the evolving payment ecosystem, and we’re excited to collaborate on solutions that not only enhance security but also remove friction as payment systems continue to advance. We see this as a critical opportunity to contribute to industry-wide efforts to ensure that as payment systems grow more seamless and innovative, their security becomes even stronger and able to accommodate new and emerging threats like AI.

Our focus areas include:

Protecting Online Payment Pages: Safeguarding against virtual skimming and Magecart attacks by implementing real-time, continuous monitoring systems that detect and prevent unauthorized changes to HTTP headers and script contents on payment pages. This directly addresses PCI DSS v4.0 requirements 6.4.3 and 11.6.1, ensuring the integrity of online transactions.
Reducing PCI Audit Scope: Minimizing the exposure of sensitive payment data to streamline compliance and reduce audit complexity by removing payment card information from IT environments through tokenization.
Protecting Data Access: Enhancing methods for real-time control over sensitive information by using data masking to ensure that only authorized users can view or interact with protected data.
Securing Test Environments: Mitigating risks in non-production environments by creating secure, accurate test data that maintains data integrity without exposing sensitive information.
Improving Data Visibility and Management: Developing strategies to discover and classify sensitive data across complex environments, ensuring it is properly tracked, managed, and protected at all times.
Strengthening Data Security in Transit and at Rest: Advancing tokenization techniques to replace sensitive data, safeguarding it from unauthorized access or manipulation throughout its lifecycle.

These areas are essential to creating a payment security ecosystem that is resilient to evolving threats while fostering the adoption of new features and technologies. As payment systems become faster, more connected, and increasingly user-friendly, we believe security solutions must adapt to match that pace without adding unnecessary friction.

By working with PCI SSC, we aim to contribute both technical insights and real-world expertise to develop security standards and solutions that protect cardholder data, enable innovation, and maintain trust in the payment ecosystem. We look forward to collaborating on these important initiatives to ensure the continued evolution of secure and seamless payment systems.

Source link

Spotlight On: DataStealth, a New Principal Participating Organization

Leave a Comment Cancel reply

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

Leave a Comment Cancel reply

VMWARE

Configuration Templates