Americas

  • United States

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

HomeBlogsOverly on SecurityPCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions
michaeloverly
by Michael Overly

PCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions

Opinion
Oct 26, 20101 min
Data and Information Security

If you follow PCI developments at all, you no doubt have heard of the new end-to-end encryption guidance released a couple of weeks ago by the PCI Security Standards Council (available at https://www.pcisecuritystandards.org/pdfs/pci_dss_emv.pdf and https://www.pcisecuritystandards.org/pdfs/pci_ptp_encryption.pdf).  The Council observed there are no clear standards for encryption for every step of the transaction process.  To assist merchants and others in better complying with the PCI Data Security Standard, the Council has issued this guidance.

Apart from assisting you in your own PCI DSS compliance efforts, this new guidance should be incorporated into your due diligence procedures in assessing the compliance of vendors and business partners with whom you may share cardholder information.

michaeloverly
by Michael Overly

Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author

Most popular authors

Show me more

news

Okta confirms recent hack affected all customers within the affected system

By Shweta Sharma
Nov 30, 20233 mins
Data BreachCyberattacksCybercrime
Image
news

Top cybersecurity product news of the week

By CSO staff
Nov 30, 202317 mins
Generative AISecurity
Image
feature

How to maintain a solid cybersecurity posture during a natural disaster

By James Careless
Nov 30, 20238 mins
Security Operations CenterData and Information SecuritySecurity Practices
Image
podcast

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins
CSO and CISO
Image
podcast

CSO Executive Sessions Australia with Robbie Whittome, CISO at Curtin University

Oct 16, 202315 mins
CSO and CISO
Image
podcast

CSO Executive Sessions / ASEAN: Cisco's Anthony Grieco on opportunities in Southeast Asia's cybersecurity landscape

Oct 10, 202316 mins
CSO and CISO
Image
video

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins
CSO and CISO
Image
video

AI and Cybersecurity: Speed Bumps, Training, and Communication

Nov 06, 202317 mins
CyberattacksGenerative AI
Image
video

CSO Executive Sessions Australia with Robbie Whittome

Oct 16, 202315 mins
CSO and CISO
Image