On Oct 31, 2025, at 17:24, Clay Jackson (cjackson) <[email protected]> 
wrote:
> 
> I can't disagree - but the question then becomes, as Markus and others have 
> pointed out; would that allow a customer/user to check the "Encryption" box 
> for PCI or any other "compliance review"?

The answer is: it depends (doesn't it always?).  Doing secure column-level 
encryption meets the PCI standard, and a competent PCI auditor will know that.  
However, TDE has this cachet as being "the way one does it," and if the 
organization is that way, it's hard to move them off of it.

As a sign of how the PCI world views TDE, at least one of the major credit card 
associations does not use it, and they have literally everyone's credit card 
number, with expiration date and CVV, sitting on their disks.
