Skip to content

PCI Compliance is hard.
We make it easy. 

DataStealth PCI reduces the scope of your PCI Compliance audit by keeping PAN data out of your environment, while also addressing the key new PCI DSS 4.0 requirements.

PCI DSS 4.0 is here. Are you ready? 

PCI DSS 4.0 requirements are going into effect in March 2024, and your organization needs to be ready. New and important 4.0 requirements include:

  • 6.4.3:  reduce the attack surface on payment pages, including management of on-page Javascript. This includes third- and fourth-party scripts, and even scripts that run on the browser side
  • 11.6.1:  identify and alert to tampering or unauthorized changes to payment pages
  • 12.5.2:  identify all locations where account data is stored, processed, and transmitted, such as:
    • Any locations outside of the currently defined cardholder data environment
    • Applications that process cardholder data
    • Transmissions between systems and networks
    • File backups

DataStealth is PCI DSS 4.0 ready so you don't have to be. 

Don't handle your data. Tokenize it.

DataStealth PCI tokenizes PAN data before it hits your environment, and untokenizes it when it leaves—so you never need to touch data. Unlike encryption, tokenization is not based on math, and cannot be broken with clever algorithms or brute force. Tokenization replaces PAN data on the way in and out of your environment, so the data is never there to begin with, reducing the scope of your PCI audits and protecting the data in general. 

Up to 90% scope reduction

A true enterprise solution

DataStealth is built for enterprise. With fast and easy integration that’s as simple as updating your DNS, you won’t need to make changes across every page of every application on every server. That means: 

No application

No installation of agents,
collectors, or widgets

No changes to users
or workflows

Components and Functionality



Enable tokenization of PAN in existing applications and payment flows without changes.
Real-time integrity checks

Real-time Integrity

Comply with 6.4.3  with realtime integrity verification of the content of payment page, script, and header on every request.
Compliant content injection

Compliant Content Injection

Dynamic runtime injection of HTML body and scripts reduces scope applicability.


Leverage our proprietary classification and validation scoring, resulting in virtually no false positives.
Protocol Breadth


Supports  a wide variety of protocols including web, email, file transfers, and more.


Whether hosted or on-premise, DataStealth provides the management and PCI scope reduction that meets your business needs.
Tokenization choice


Tokens can be retrieved from external systems, as well as generated by the DataStealth token vault.
Token format options

Token Format

Customizable token options including format-preserving (with LuHN check validation), source preserving (i.e. first 6) tokens.

DataStealth is a PCI SSC Participating Organization
and PCI DSS Level 1 Service Provider.  


Subscribe to our Newsletter

Receive updates on the latest industry news and stay current with DataStealth developments.

Speak with our team today to start using DataStealth PCI.

Talk to an Expert

Fill out the form to connect with a cybersecurity expert.