PCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions

If you follow PCI developments at all, you have no doubt heard of the new end-to-end encryption guidance released a couple of weeks ago by the PCI Security Standards Council (available at https://www.pcisecuritystandards.org/pdfs/pci_dss_emv.pdf and https://www.pcisecuritystandards.org/pdfs/pci_ptp_encryption.pdf). The Council observed that there are no clear standards for encryption at every step of the transaction process. It has issued this guidance to help merchants and others better comply with the PCI Data Security Standard.

Apart from assisting you in your own PCI DSS compliance efforts, this new guidance should be incorporated into your due diligence procedures for assessing the compliance of vendors and business partners with whom you may share cardholder information.
