PCI DSS Encryption
PCI DSS is the acronym for the Payment Card Industry Data Security Standard. This set of compliance requirements was created in 2004 and is managed by the Security Standards Council, a group that includes MasterCard, Visa, American Express, Discover Financial Services and JCB International.
The Payment Card Industry includes any merchant or organization that accepts, stores, processes or transmits the data of credit or debit card holders. The DSS requirements protect cardholder names along with card numbers, expiration dates, PINs, magnetic stripe data and more. These requirements exist to curb credit card fraud, identity theft and other theft associated with the use of payment card information.
The Role of Encryption in DSS
The PCI DSS is built around six control objectives for the safe handling of cardholder data; protecting that data through encryption is just one of them.
Under this objective, merchants and organizations must:
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
In other words, cardholder information must be encrypted whenever it is stored or transmitted. Encryption converts information into an unintelligible form that can only be decrypted by the holder of the designated cryptographic key.
Key points of the PCI DSS encryption requirements include:
- Transparent Data Encryption (TDE) or full disk encryption (recommended)
- Keys must be changed at least once a year
- The use of Extensible Key Management with a third-party encryption provider is recommended
- The full card number should not be clearly visible anywhere in the database
- An external program should be used to retrieve the card number when necessary, and access to that program should be kept limited
- Secure Sockets Layer (SSL) encryption should be configured
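The point above that the full card number should not be visible anywhere in the database is something a compliance team can check for rather than assume. The following is an added example, not code from the page or from SolarWinds: a minimal cleartext PAN discovery scan that sweeps free-text fields of a constructed sample table for Luhn-valid 13 to 19 digit numbers and reports each hit in the masked first-six/last-four form that PCI DSS permits for display. The sample rows, field name and test card numbers are assumptions made for the example.

```python
import re

# Constructed sample rows standing in for a database export (assumption for this
# example). The card numbers are public Luhn-valid test numbers, not real cards.
SAMPLE_ROWS = [
    {"id": 1, "note": "Customer paid with 4111 1111 1111 1111 on 2024-01-03"},
    {"id": 2, "note": "Masked on file: 411111******1111"},
    {"id": 3, "note": "Order ref 1234567890123456 is not a card number"},
    {"id": 4, "note": "Amex 378282246310005 stored for recurring billing"},
]

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not preceded or followed by another digit.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; filters out order numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display form PCI DSS allows: at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_cleartext_pans(rows, field="note"):
    """Return (row id, masked PAN) for every Luhn-valid PAN found in cleartext."""
    findings = []
    for row in rows:
        for match in PAN_CANDIDATE.finditer(row[field]):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                findings.append((row["id"], mask_pan(digits)))
    return findings


if __name__ == "__main__":
    for row_id, masked in find_cleartext_pans(SAMPLE_ROWS):
        print(f"row {row_id}: cleartext PAN found, masked form {masked}")
```

Rows 1 and 4 are reported; the already-masked value in row 2 and the Luhn-invalid order reference in row 3 are not.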
Merchants and organizations subject to PCI DSS must implement encryption that meets these requirements. Managed service providers and IT professionals use software from SolarWinds MSP (formerly LOGICnow) to keep payment card information encrypted according to PCI DSS. Sign up for a free 30-day trial today to see how you can, too.
PCI Security Standards: https://www.pcisecuritystandards.org/document_library