PCI DSS v4.0 goes in effect March 2024 - Are you ready?

Meet PCI DSS v4.0 requirements with no code changes - your current encryption is not enough

Key Changes from v3.4.1,, and 4

  • Storage-level encryption, such as TDE/FDE, does not protect against compromised user credentials
  • Instead, file-, column-, or field-level database encryption is required
  • Masking is required for display to personnel on a business need-to-know basis


  • Secure your data in PostgreSQL and MySQL
  • Bring Your Own Key (BYOK) ensures you control access to your data in AWS, Azure, and GCP
  • Logical database, column-level or row-level protection


  • Sensitive data is anonymized on ingest and is protected in analytics projects on AWS Redshift and Snowflake
  • Queryable encryption in PostgreSQL enables any and all operations, including sort, search, and mathematical operations on protected data
  • Baffle is the easiest, fastest, and most flexible way to analyze regulated data

Key Benefits

Icon Padlock


Regulated Data is anonymized on ingest and is protected in analytics projects

Icon Cubes


The data is protected everywhere it flows, without changes to analytics

Icon Key


Your key controls access to your data



Does not require specialized hardware or infrastructure to scale up or down

Icon Lightning Bolt


There is no perceived impact on analytics or data science performance