PCI DSS for payment data in Cybersecurity - Time & Space Complexity

When working with PCI DSS for payment data, it is important to understand how the time needed to process and secure data grows as the amount of payment data increases.

We want to know how the effort to check and protect payment information changes when more transactions happen.

Analyze the time complexity of the following code snippet.

// Example: Validate and encrypt payment data records
for (const record of paymentData) {
  if (validate(record.cardNumber)) {
    const encrypted = encrypt(record.cardNumber);
    store(encrypted);
  }
}
    

This code checks each payment record, validates the card number, encrypts it if valid, and stores the encrypted data.

• Primary operation: Looping through each payment record to validate and encrypt.
• How many times: Once for every record in the payment data list.

As the number of payment records grows, the time to validate and encrypt grows in a similar way.

Input Size (n)	Approx. Operations
10	About 10 validations and encryptions
100	About 100 validations and encryptions
1000	About 1000 validations and encryptions

Pattern observation: The work grows directly with the number of payment records; doubling records doubles the work.

Time Complexity: O(n)

This means the time to process payment data grows in a straight line with the number of records.

[X] Wrong: "Encrypting payment data takes the same time no matter how many records there are."

[OK] Correct: Each record must be encrypted separately, so more records mean more work and more time.

Understanding how processing time grows with data size helps you explain how security checks scale in real systems, showing you grasp practical cybersecurity challenges.

"What if we batch encrypt multiple payment records at once? How would the time complexity change?"