Kafka poses significant challenges for securing cardholder data in compliance with PCI-DSS, particularly due to its lack of built-in encryption for data at rest. Kroxylicious, a Kafka protocol-aware proxy, enables end-to-end encryption of sensitive payment information without requiring code changes to existing applications, thus simplifying the implementation of security measures in a microservices architecture. The article discusses how to set up Kroxylicious to encrypt Kafka messages effectively.
Tags: kafka, encryption, pci-dss, kroxylicious, microservices